VIRY.CZ

Dceři se po přihlášení do W10 zobrazí černá obrazovka anebo se načte plocha s funkčním kurzorem, ale nereaguje žádný program. Pak se musí provést několikrát tvrdý restart. Prosím o kontrolu logu.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2025
Ran by Aneta (administrator) on DESKTOP-HMNR15R (Hewlett-Packard HP EliteBook Folio 1040 G2) (13-01-2025 13:16:57)
Running from C:\Users\aneva\Downloads\FRST64.exe
Loaded Profiles: Aneta
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\TPMProvisioningService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2410.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2020-05-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Run: [MicrosoftEdgeAutoLaunch_DCAAE184D52CFB5612A19428B21B7D15] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\MountPoints2: {96a21118-1aef-11ed-82b8-5ce0c5e4e2a1} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {169AF887-3151-4647-A51F-454605F8C914} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {32195EE2-697C-4A7A-A040-85794CC98CD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC)
Task: {7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {78FB5039-7981-4325-B52E-A08744AACE90} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://ABO
Task: {68088461-864D-44C9-BEDB-8833F757EAA9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusError
Task: {1D900FB0-154B-4718-94EB-389F6C9FFCE5} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusTest
Task: {47172E7D-42F3-4A4B-9AF5-6829FAB713A6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BCF
Task: {056BA773-47B6-4AB7-9F55-3220A312EC4D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM1
Task: {01C06693-E994-4E3F-9A79-6E057433181F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM2
Task: {6B04F025-FA5A-430F-9490-44FDD2C841AD} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://LaunchUI
Task: {CDFCD9DC-1DA1-480D-9B4A-3E3FD8EB40CC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags:
Task: {EC35FD99-B2C2-41C4-8185-F6294F59232A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckError
Task: {D0974F12-9DCD-4A90-8A6D-1FEB9FAD19CC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckTest
Task: {E1CF72DD-F2D1-425A-95A4-84B622BACAB7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-BatteryStatusTest => c:\Windows\System32\schtasks.exe [235008 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\BatteryStatusTest"
Task: {F1614F2E-FE38-40AD-A0D7-CD14D6DA2F20} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-SmartCheckTest => c:\Windows\System32\schtasks.exe [235008 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\SmartCheckTest"
Task: {9DD67CED-F66B-43B0-98EF-6B99F347ACC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {1C376014-ABC9-4E89-BDC8-49B8E51C554F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {E25ACA2A-4EB9-4E22-9C02-68BBC15047F4} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe [891432 2018-08-31] (HP Inc. -> HP)
Task: {BEAE6A9D-016C-47F5-B972-E75FA43249B8} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1619189103-1846508061-1212913086-1006 => MessengerHelper.exe --lassie (No File)
Task: {7F083C83-9AAA-4BAB-9744-A978AC0E05E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {464CDE51-42B6-4C7C-8685-88D6A448979D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D8C60E0-140D-4C6E-9210-202E0DECD6B4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {139263E4-7743-41AE-875E-C6C4D7B2F20E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E129013A-5BBD-4ECA-ABFE-57FCE5EC4813} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {685E149C-91F7-402C-92EB-A15F97836910} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EDC8FA7-6881-475B-ACC1-9A8E424823E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9DAB4CE7-A45C-4C9F-BE90-EE4C4AFD7AD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bbadcc78-b82f-4750-8e5e-cb628a69de38}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{be51ade1-bd10-4777-8b52-e9721e26dc34}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{be51ade1-bd10-4777-8b52-e9721e26dc34}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge Notifications: Default -> hxxps://131.gofenews.com; hxxps://bestfaustcaptcha.top; hxxps://secure-access-fd1319l37lphe03a2.gate31.xyz; hxxps://www1.push-news.org
Edge Extension: (Dokumenty Google offline) - C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-10]
Edge Extension: (Edge relevant text changes) - C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-25]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default [2025-01-13]
CHR Notifications: Default -> hxxps://fastshare.cz; hxxps://meet.google.com; hxxps://sdilej.cz; hxxps://smallseotools.com
CHR Extension: (Video Downloader for Vimeo) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcdpfpkoildicgacgldinemhgmcbgp [2022-08-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-03]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-01-10]
CHR Extension: (HLS Downloader) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-12-07]
CHR Extension: (Stahovač videa) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldaiedoebimcgkokmknonjefkionldi [2023-04-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-14]
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
S4 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [13824 2022-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [969256 2018-08-31] (HP Inc. -> HP)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
R2 LanWlanSwitchingService; C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe [618536 2018-08-31] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [20802872 2023-09-08] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [85400 2022-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [651216 2023-09-11] (Lespeed Technology Co., Ltd -> WiseCleaner.com)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_4476f5fd93c02299\e1d.sys [613072 2024-02-27] (Intel Corporation -> Intel Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18816 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 scsiscan; C:\WINDOWS\System32\drivers\scsiscan.sys [21504 2023-11-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [39736 2019-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-12-03] (HP Inc. -> HP)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [33864 2022-02-02] (Beijing Lang Xingda Network Technology Co., Ltd -> wisecleaner.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\TeamViewer.lnk"
Error Reading file: "C:\ProgramData\Desktop\Recuva.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Support Assistant.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\Audacity.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-01-13 13:16 - 2025-01-13 13:18 - 000022712 _____ C:\Users\aneva\Downloads\FRST.txt
2025-01-13 13:16 - 2025-01-13 13:17 - 000000000 ____D C:\FRST
2025-01-13 13:14 - 2025-01-13 13:14 - 008790880 _____ (Malwarebytes) C:\Users\aneva\Downloads\AdwCleaner.exe
2025-01-13 13:13 - 2025-01-13 13:13 - 002403328 _____ (Farbar) C:\Users\aneva\Downloads\FRST64.exe
2025-01-13 13:10 - 2025-01-13 13:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2025-01-13 07:31 - 2025-01-13 07:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2025-01-10 14:46 - 2025-01-10 16:48 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 14:45 - 2025-01-10 09:06 - 112211816 _____ (AO Kaspersky Lab) C:\Users\aneva\Desktop\KVRT.exe
2025-01-10 14:42 - 2025-01-10 14:42 - 000001357 _____ C:\Users\aneva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2025-01-10 14:42 - 2025-01-10 14:42 - 000000000 ____D C:\Users\aneva\AppData\Local\PCHealthCheck
2025-01-03 11:27 - 2025-01-03 11:27 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1619189103-1846508061-1212913086-1006
2025-01-03 11:26 - 2025-01-03 11:27 - 000002381 _____ C:\Users\aneva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-01-03 11:07 - 2025-01-13 13:10 - 000008192 ___SH C:\DumpStack.log.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-13 13:18 - 2023-01-18 15:56 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-01-13 13:18 - 2020-06-08 16:24 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-13 13:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-13 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-13 13:14 - 2020-11-17 11:37 - 000005922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-13 13:14 - 2019-12-07 15:43 - 005969044 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-13 13:14 - 2019-12-07 15:43 - 001706968 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-13 13:10 - 2020-11-17 11:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-13 13:10 - 2020-11-17 11:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-13 13:10 - 2020-04-07 17:12 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-13 13:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-13 13:10 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-13 07:46 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-13 07:41 - 2020-04-07 18:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2025-01-13 07:37 - 2021-04-24 09:15 - 000000000 ____D C:\Users\aneva\AppData\Local\D3DSCache
2025-01-13 07:36 - 2024-11-25 17:57 - 000521628 _____ C:\WINDOWS\ntbtlog.txt
2025-01-13 07:32 - 2020-04-07 19:33 - 000000000 ____D C:\Users\aneva\AppData\Local\ElevatedDiagnostics
2025-01-10 20:06 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Local\Packages
2025-01-10 14:34 - 2021-12-15 17:54 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:34 - 2020-11-17 11:20 - 000000000 ____D C:\Users\aneva
2025-01-10 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-01-10 14:33 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:31 - 2022-08-14 11:36 - 000000000 ____D C:\Users\aneva\AppData\Roaming\VitySoft
2025-01-10 14:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2025-01-10 14:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2025-01-08 15:24 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Local\SYNTP
2025-01-06 17:58 - 2020-04-07 16:04 - 000000000 ____D C:\Users\aneva\AppData\Roaming\Microsoft\Word
2025-01-06 17:33 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Roaming\hpqLog
2025-01-03 20:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-01-03 12:14 - 2021-06-27 12:43 - 000000000 ____D C:\Program Files\HP
2025-01-03 11:52 - 2020-04-07 14:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-01-03 11:27 - 2021-12-12 19:35 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1619189103-1846508061-1212913086-1006
2025-01-03 11:25 - 2020-11-17 11:37 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-01-03 11:25 - 2020-11-17 11:37 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2021-01-12 11:10 - 2021-01-12 11:10 - 000000110 _____ () C:\Users\aneva\AppData\Roaming\debug.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2025
Ran by Aneta (13-01-2025 13:19:31)
Running from C:\Users\aneva\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2020-11-17 10:38:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1619189103-1846508061-1212913086-500 - Administrator - Disabled)
Aneta (S-1-5-21-1619189103-1846508061-1212913086-1006 - Administrator - Enabled) => C:\Users\aneva
DefaultAccount (S-1-5-21-1619189103-1846508061-1212913086-503 - Limited - Disabled)
Guest (S-1-5-21-1619189103-1846508061-1212913086-501 - Limited - Disabled)
maria (S-1-5-21-1619189103-1846508061-1212913086-1007 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1619189103-1846508061-1212913086-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Auto Sequencer (HKLM-x32\...\{2942F2D5-2A6D-2061-A152-A736B3277068}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Sequencer on amd64 (HKLM\...\{7A394A81-957E-FA00-5F3F-46CF5DDEAA4A}) (Version: 10.1.19041.1 - Microsoft) Hidden
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
HP Hotkey Support (HKLM-x32\...\{5CA104DB-9884-4CDB-B31B-B977EACC7B3D}) (Version: 6.2.50.1 - HP Inc.)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 29.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
Kontrola stavu osobního počítače s Windows (HKLM\...\{7DED818B-F556-4115-9CC0-ACE3F614CE63}) (Version: 4.0.2410.23001 - Microsoft Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.146 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Teams) (Version: 1.7.00.15969 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.31301 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.70 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.45.4 - TeamViewer)
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{2C4DAAC8-4CD1-9CFC-EBD1-E6A17C8199E4}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{FE728B5E-3753-0F68-EC2D-66ABE2DEC1C1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows IP Over USB (HKLM-x32\...\{31F47324-5E87-946A-78F5-55BB06744389}) (Version: 10.1.19041.1 - Microsoft Corporation) Hidden
Windows System Image Manager on amd64 (HKLM-x32\...\{D5CE010A-37F1-27CD-D6A1-61FB1F206892}) (Version: 10.1.19041.1 - Microsoft) Hidden
Wise Care 365 (HKLM-x32\...\Wise Care 365_is1) (Version: 6.6.4 - Lespeed Technology Co., Ltd.)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden
Zoom (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\ZoomUMX) (Version: 5.3.2 (53291.1011) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-12] ()
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2025-01-10] (Meta)
Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2025-01-10] (www.facebook.com)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.4.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-01-10] (Instagram)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-E4B7766F_42.0.21.1_neutral__ysfa6mcnwr1rw [2025-01-10] (www.instagram.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation) [MS Ad]
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0 [2025-01-10] (Spotify AB) [Startup Task]
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\aneva\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.31301\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\aneva\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-06 19:37 - 2019-12-06 19:37 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer\;C:\Program Files\dotnet\
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Dual Band Wireless-AC 7265 -> Netwtw02.sys
Ethernet: Intel(R) Ethernet Connection (3) I218-LM -> e1d.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: fpCsEvtSvc => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GoogleUpdaterInternalService124.0.6315.0 => 2
MSCONFIG\Services: GoogleUpdaterService124.0.6315.0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: WiseBootAssistant => 3
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DCAAE184D52CFB5612A19428B21B7D15"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{162E65B5-EFF1-4242-9ADC-ED2D8EDF359A}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{63EE0D53-5170-4895-8513-7560EFE8CB8E}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{15D9C5C6-576D-43E5-A8DF-09C0EB466322}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1A3609AC-97E6-4774-9F5D-9086A045B99C}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A0D1B02-AD24-4835-8150-A30D21912719}] => (Allow) C:\Users\aneva\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C093911B-004D-4C08-B8AB-E8C2ADFE897D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9A9B3A4D-0EFB-4343-8029-A3D2E76EC63B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{07616710-9E37-4E37-B0B1-CF32565107EE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{102854D4-EFEC-4ED7-B83B-AFF1E2DE7F38}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5E3DE6E7-0ECC-4625-817C-9BFA10F07E47}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57978E56-7C42-46A2-BE68-7A44AFF42D5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2351DCA2-312A-4F89-B0E8-689F46A89C0D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F6F92B7-44A2-417E-BE53-3271E6F1AE64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D47BBA0-6F04-4FBB-9706-F929DA588743}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD5838FC-F6F0-4C46-899B-39274C5FCA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{E8D5C9AF-F02C-42EA-9EFF-7CC2DCCE07B6}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [UDP Query User{666B4327-CEB4-4CDA-A8C5-0C5FEC8378B8}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [TCP Query User{E8365E2D-5CEA-44A7-8A57-F12742DCAD93}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [UDP Query User{6E5A8B9C-495F-45F0-A5D6-04844517E023}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [{259B176D-9AD7-4004-91AB-4D0A66A495A6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CF3B5517-0B89-43F1-B2F7-5612EBD525E5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{784B24AE-CC2F-491D-BF7D-845011A278C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E66FF481-441B-4CC9-9664-4657870664FD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{216ED71D-DDAE-4AAF-9086-39EE16799D17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{376BB26D-DF7F-4191-A761-A067106BB394}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{28C6B1A6-0CFD-47C4-A7B5-7A26AD4BD343}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE582944-65D7-4648-B13C-8BFA483D03BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6448054-79A2-4EE6-AD62-838009AC4D09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF7180B9-B762-4854-8BF6-E8B4E074733D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B1378DF-E72D-4B61-8F90-B9B0E194DCF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67112AF8-F439-4C9F-BE4D-F74BF2F2C125}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53231F30-A279-4225-A7B5-3EEE6B871425}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3B4DB8C-7453-4D7A-B836-073A5F65B790}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99B456AD-90BA-412A-A7A9-D23DCC2141A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5FBAF00E-B6F8-44F3-8439-A9141194A151}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6D4B10A-BBCD-4EA2-AE32-AD0B3E97629B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{47A25814-DBBB-4C71-BDB9-A4B956BE210D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{08B4C8DF-F84F-46DE-B02B-96FF2E0F5F2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4B5FAED3-653E-4A49-8488-F6EDC2DC0741}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61A32174-7390-4752-B6EF-6F9A486ABDB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EBDBE066-74AF-4770-A329-10D47F6EE812}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{610ACE41-7EE5-4A91-98CB-BD46611E3F56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A9C6A56-8705-4159-B6E5-5449346E32BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2B6F02F0-D1BD-4EF1-AA56-EAA54C61372C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E09FB73B-424B-41C9-A843-F8129B4E62F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3AEC218E-E037-40AB-85B0-882B843F9E3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================

03-01-2025 12:14:36 Naplánovaný kontrolní bod
10-01-2025 14:42:22 Installed Windows PC Health Check

==================== Faulty Device Manager Devices ============
Name: Intel(R) Ethernet Connection (3) I218-LM
Description: Intel(R) Ethernet Connection (3) I218-LM
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1dexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,18) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,18) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:00 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:00 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

System errors:
=============
Error: (01/13/2025 01:10:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (13:02:24, ‎13.‎01.‎2025) bylo neočekávané.

Error: (01/13/2025 07:41:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SASDIFSV neuspěla při spuštění v důsledku následující chyby:
V systému Windows nelze ověřit digitální podpis tohoto souboru. Při nedávné změně hardwaru nebo softwaru mohl být nainstalován nesprávně podepsaný nebo poškozený soubor nebo soubor škodlivého softwaru z neznámého zdroje.

Error: (01/13/2025 07:37:33 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby dps s argumenty Není k dispozici za účelem spuštění serveru:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (01/13/2025 07:37:32 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/13/2025 07:37:26 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/13/2025 07:37:25 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby camsvc s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (01/13/2025 07:36:45 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WpnUserService_42ec8 s argumenty Není k dispozici za účelem spuštění serveru:
{1FFE4FFD-25B1-40B1-A1EA-EF633353BB4E}

Error: (01/13/2025 07:36:45 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-HMNR15R)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
================
Date: 2025-01-10 18:37:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8E2AF6F2-E708-43F3-978B-41B807A1F49C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-08 18:35:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {98311EDC-28E9-48B5-BD23-B6D4255EFEC3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-06 19:25:58
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2B013A39-BA17-4000-913D-0ABBCE688BD1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-03 18:38:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6E1CED94-70A9-4446-903B-F9EC1ADF0A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-12-07 11:54:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B7D19513-8C64-4ECB-B94B-8C1EBD142529}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2025-01-13 07:31:50
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2025-01-10 14:34:22
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-09 19:49:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-09 17:52:20
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-08 16:07:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1219.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

CodeIntegrity:
===============
Date: 2025-01-13 07:41:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Hewlett-Packard M76 Ver. 01.19 02/18/2020
Motherboard: Hewlett-Packard 2270
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8067.11 MB
Available physical RAM: 4925.71 MB
Total Virtual: 9347.11 MB
Available Virtual: 6393.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:158.55 GB) (Free:24.87 GB) (Model: SanDisk SD7SN3Q-512G-1006) NTFS
Drive d: (Data) (Fixed) (Total:315.81 GB) (Free:28.18 GB) (Model: SanDisk SD7SN3Q-512G-1006) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.98 GB) (Model: SanDisk SD7SN3Q-512G-1006) FAT32

\\?\Volume{d9dce7f8-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D9DCE7F8)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=158.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Zdfravím!
Nejdříve spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-13-2025
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.5247)
# Scanned: 32094
# Detected: 27

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.OutbytePCRepair C:\Program Files (x86)\Outbyte
PUP.Optional.OutbytePCRepair C:\Windows\System32\Tasks\Outbyte

***** [ Files ] *****

PUP.Optional.Restoro C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Restoro HKCU\Software\Restoro
PUP.Optional.Restoro HKCU\Software\Restoro Key
PUP.Optional.Restoro HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
PUP.Optional.Restoro HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
PUP.Optional.Restoro HKLM\Software\Classes\Restoro.Engine
PUP.Optional.Restoro HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
PUP.Optional.Restoro HKLM\Software\Restoro
PUP.Optional.Restoro HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\aneva\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

AdwCleaner[S00].txt - [3968 octets] - [13/01/2025 14:14:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-13-2025
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.5247)
# Cleaned: 19
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Outbyte
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\System32\Tasks\Outbyte

***** [ Files ] *****

Deleted C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Restoro
Deleted HKCU\Software\Restoro Key
Deleted HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\Restoro.Engine
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Restoro
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3968 octets] - [13/01/2025 14:14:02]
AdwCleaner[S01].txt - [4029 octets] - [13/01/2025 14:15:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

OK. Poprosím o nové logy FRST+Addition.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2025
Ran by Aneta (administrator) on DESKTOP-HMNR15R (Hewlett-Packard HP EliteBook Folio 1040 G2) (13-01-2025 15:24:09)
Running from C:\Users\aneva\Downloads\FRST64.exe
Loaded Profiles: Aneta
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2410.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2020-05-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Run: [MicrosoftEdgeAutoLaunch_DCAAE184D52CFB5612A19428B21B7D15] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911208 2025-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\MountPoints2: {96a21118-1aef-11ed-82b8-5ce0c5e4e2a1} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {169AF887-3151-4647-A51F-454605F8C914} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {32195EE2-697C-4A7A-A040-85794CC98CD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC)
Task: {7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {78FB5039-7981-4325-B52E-A08744AACE90} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://ABO
Task: {68088461-864D-44C9-BEDB-8833F757EAA9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusError
Task: {1D900FB0-154B-4718-94EB-389F6C9FFCE5} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusTest
Task: {47172E7D-42F3-4A4B-9AF5-6829FAB713A6} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BCF
Task: {056BA773-47B6-4AB7-9F55-3220A312EC4D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM1
Task: {01C06693-E994-4E3F-9A79-6E057433181F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM2
Task: {6B04F025-FA5A-430F-9490-44FDD2C841AD} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://LaunchUI
Task: {CDFCD9DC-1DA1-480D-9B4A-3E3FD8EB40CC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags:
Task: {EC35FD99-B2C2-41C4-8185-F6294F59232A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckError
Task: {D0974F12-9DCD-4A90-8A6D-1FEB9FAD19CC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\WINDOWS\system32\cmd.exe [289792 2024-06-13] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckTest
Task: {E1CF72DD-F2D1-425A-95A4-84B622BACAB7} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-BatteryStatusTest => c:\Windows\System32\schtasks.exe [235008 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\BatteryStatusTest"
Task: {F1614F2E-FE38-40AD-A0D7-CD14D6DA2F20} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-SmartCheckTest => c:\Windows\System32\schtasks.exe [235008 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\SmartCheckTest"
Task: {9DD67CED-F66B-43B0-98EF-6B99F347ACC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {1C376014-ABC9-4E89-BDC8-49B8E51C554F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {E25ACA2A-4EB9-4E22-9C02-68BBC15047F4} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe [891432 2018-08-31] (HP Inc. -> HP)
Task: {BEAE6A9D-016C-47F5-B972-E75FA43249B8} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1619189103-1846508061-1212913086-1006 => MessengerHelper.exe --lassie (No File)
Task: {7F083C83-9AAA-4BAB-9744-A978AC0E05E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {464CDE51-42B6-4C7C-8685-88D6A448979D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D8C60E0-140D-4C6E-9210-202E0DECD6B4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {139263E4-7743-41AE-875E-C6C4D7B2F20E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E129013A-5BBD-4ECA-ABFE-57FCE5EC4813} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {685E149C-91F7-402C-92EB-A15F97836910} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EDC8FA7-6881-475B-ACC1-9A8E424823E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9DAB4CE7-A45C-4C9F-BE90-EE4C4AFD7AD3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bbadcc78-b82f-4750-8e5e-cb628a69de38}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{be51ade1-bd10-4777-8b52-e9721e26dc34}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{be51ade1-bd10-4777-8b52-e9721e26dc34}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge Notifications: Default -> hxxps://131.gofenews.com; hxxps://bestfaustcaptcha.top; hxxps://secure-access-fd1319l37lphe03a2.gate31.xyz; hxxps://www1.push-news.org
Edge Extension: (Dokumenty Google offline) - C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-10]
Edge Extension: (Edge relevant text changes) - C:\Users\aneva\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-25]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default [2025-01-13]
CHR Notifications: Default -> hxxps://fastshare.cz; hxxps://meet.google.com; hxxps://sdilej.cz; hxxps://smallseotools.com
CHR Extension: (Video Downloader for Vimeo) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcdpfpkoildicgacgldinemhgmcbgp [2022-08-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-03]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-01-10]
CHR Extension: (HLS Downloader) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-12-07]
CHR Extension: (Stahovač videa) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldaiedoebimcgkokmknonjefkionldi [2023-04-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-14]
CHR Profile: C:\Users\aneva\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
S2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
S4 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [13824 2022-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
S2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [969256 2018-08-31] (HP Inc. -> HP)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [14280 2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
S2 LanWlanSwitchingService; C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe [618536 2018-08-31] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [20802872 2023-09-08] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [85400 2022-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [651216 2023-09-11] (Lespeed Technology Co., Ltd -> WiseCleaner.com)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_4476f5fd93c02299\e1d.sys [613072 2024-02-27] (Intel Corporation -> Intel Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18816 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MpKsleeb892e2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70AD1B1A-1E09-460A-9EFE-113F0E47D927}\MpKslDrv.sys [267552 2025-01-13] (Microsoft Windows -> Microsoft Corporation)
S3 scsiscan; C:\WINDOWS\System32\drivers\scsiscan.sys [21504 2023-11-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [39736 2019-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-12-03] (HP Inc. -> HP)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [33864 2022-02-02] (Beijing Lang Xingda Network Technology Co., Ltd -> wisecleaner.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\TeamViewer.lnk"
Error Reading file: "C:\ProgramData\Desktop\Recuva.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Support Assistant.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\Audacity.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
2025-01-13 15:24 - 2025-01-13 15:25 - 000020573 _____ C:\Users\aneva\Downloads\FRST.txt
2025-01-13 14:13 - 2025-01-13 14:16 - 000000000 ____D C:\AdwCleaner
2025-01-13 13:36 - 2025-01-13 13:37 - 000000000 ___HD C:\$WinREAgent
2025-01-13 13:30 - 2025-01-13 13:30 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2025-01-13 13:16 - 2025-01-13 15:24 - 000000000 ____D C:\FRST
2025-01-13 13:14 - 2025-01-13 13:14 - 008790880 _____ (Malwarebytes) C:\Users\aneva\Downloads\AdwCleaner.exe
2025-01-13 13:13 - 2025-01-13 13:13 - 002403328 _____ (Farbar) C:\Users\aneva\Downloads\FRST64.exe
2025-01-13 07:31 - 2025-01-13 07:31 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2025-01-10 14:46 - 2025-01-10 16:48 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 14:45 - 2025-01-10 09:06 - 112211816 _____ (AO Kaspersky Lab) C:\Users\aneva\Desktop\KVRT.exe
2025-01-10 14:42 - 2025-01-10 14:42 - 000001357 _____ C:\Users\aneva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2025-01-10 14:42 - 2025-01-10 14:42 - 000000000 ____D C:\Users\aneva\AppData\Local\PCHealthCheck
2025-01-03 11:27 - 2025-01-03 11:27 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1619189103-1846508061-1212913086-1006
2025-01-03 11:26 - 2025-01-03 11:27 - 000002381 _____ C:\Users\aneva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-01-03 11:07 - 2025-01-13 13:30 - 000008192 ___SH C:\DumpStack.log.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-13 15:22 - 2020-11-17 11:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-13 15:00 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-13 13:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-01-13 13:37 - 2023-10-13 17:31 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2025-01-13 13:34 - 2020-11-17 11:37 - 000005922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-13 13:34 - 2019-12-07 15:43 - 005983842 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-13 13:34 - 2019-12-07 15:43 - 001711368 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-13 13:30 - 2020-11-17 11:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-13 13:30 - 2020-11-17 11:20 - 000000000 ____D C:\Users\aneva
2025-01-13 13:30 - 2020-04-07 17:12 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-13 13:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-13 13:18 - 2023-01-18 15:56 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-01-13 13:18 - 2020-06-08 16:24 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-13 13:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-13 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-13 07:46 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-13 07:41 - 2020-04-07 18:18 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2025-01-13 07:37 - 2021-04-24 09:15 - 000000000 ____D C:\Users\aneva\AppData\Local\D3DSCache
2025-01-13 07:36 - 2024-11-25 17:57 - 000521628 _____ C:\WINDOWS\ntbtlog.txt
2025-01-13 07:32 - 2020-04-07 19:33 - 000000000 ____D C:\Users\aneva\AppData\Local\ElevatedDiagnostics
2025-01-10 20:06 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Local\Packages
2025-01-10 14:34 - 2021-12-15 17:54 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-01-10 14:33 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:31 - 2022-08-14 11:36 - 000000000 ____D C:\Users\aneva\AppData\Roaming\VitySoft
2025-01-10 14:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2025-01-10 14:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2025-01-08 15:24 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Local\SYNTP
2025-01-06 17:58 - 2020-04-07 16:04 - 000000000 ____D C:\Users\aneva\AppData\Roaming\Microsoft\Word
2025-01-06 17:33 - 2020-04-07 14:40 - 000000000 ____D C:\Users\aneva\AppData\Roaming\hpqLog
2025-01-03 20:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-01-03 12:14 - 2021-06-27 12:43 - 000000000 ____D C:\Program Files\HP
2025-01-03 11:52 - 2020-04-07 14:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-01-03 11:27 - 2021-12-12 19:35 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1619189103-1846508061-1212913086-1006
2025-01-03 11:25 - 2020-11-17 11:37 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-01-03 11:25 - 2020-11-17 11:37 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2021-01-12 11:10 - 2021-01-12 11:10 - 000000110 _____ () C:\Users\aneva\AppData\Roaming\debug.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2025
Ran by Aneta (13-01-2025 15:25:56)
Running from C:\Users\aneva\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2020-11-17 10:38:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1619189103-1846508061-1212913086-500 - Administrator - Disabled)
Aneta (S-1-5-21-1619189103-1846508061-1212913086-1006 - Administrator - Enabled) => C:\Users\aneva
DefaultAccount (S-1-5-21-1619189103-1846508061-1212913086-503 - Limited - Disabled)
Guest (S-1-5-21-1619189103-1846508061-1212913086-501 - Limited - Disabled)
maria (S-1-5-21-1619189103-1846508061-1212913086-1007 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1619189103-1846508061-1212913086-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Application Compatibility Toolkit (HKLM\...\{3BD6A529-0C2A-1EE9-A123-3EF4D804A1D1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Auto Sequencer (HKLM-x32\...\{2942F2D5-2A6D-2061-A152-A736B3277068}) (Version: 10.1.19041.1 - Microsoft) Hidden
Appman Sequencer on amd64 (HKLM\...\{7A394A81-957E-FA00-5F3F-46CF5DDEAA4A}) (Version: 10.1.19041.1 - Microsoft) Hidden
Audacity 3.1.0 (HKLM\...\Audacity_is1) (Version: 3.1.0 - Audacity Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
HP Hotkey Support (HKLM-x32\...\{5CA104DB-9884-4CDB-B31B-B977EACC7B3D}) (Version: 6.2.50.1 - HP Inc.)
Imaging And Configuration Designer (HKLM-x32\...\{8072F2F3-C269-A639-4626-9209FFF6DEDB}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{2852AE0C-1EEB-72F9-1C5D-FACF6C9304DE}) (Version: 10.1.19041.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{30C24881-949F-D09C-5376-9F0DC6B412CD}) (Version: 10.1.19041.1 - Microsoft) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 29.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{8867E8B9-1539-18F3-54AB-B1F1E641AC14}) (Version: 10.1.19041.1 - Microsoft) Hidden
Kontrola stavu osobního počítače s Windows (HKLM\...\{7DED818B-F556-4115-9CC0-ACE3F614CE63}) (Version: 4.0.2410.23001 - Microsoft Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.146 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\Teams) (Version: 1.7.00.15969 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.31301 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
OEM Test Certificates (HKLM-x32\...\{DAF67B85-47AE-B13B-5C22-3A7149E46EB8}) (Version: 10.1.19041.1 - Microsoft) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.70 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.45.4 - TeamViewer)
Toolkit Documentation (HKLM-x32\...\{1978CD82-5D9C-F9BD-4FA3-17AFA5AE12B2}) (Version: 10.1.19041.1 - Microsoft) Hidden
UEV Tools on amd64 (HKLM\...\{91339917-AF30-9EC7-D5AA-05919BB21DB9}) (Version: 10.1.19041.1 - Microsoft) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
User State Migration Tool (HKLM-x32\...\{2AD80B8E-9213-FEA7-BA85-0EFED76D6F11}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{9346016b-6620-4841-8ea4-ad91d3ea02b5}) (Version: 10.1.19041.1 - Microsoft Corporation)
Windows Deployment Customizations (HKLM-x32\...\{2C4DAAC8-4CD1-9CFC-EBD1-E6A17C8199E4}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows Deployment Tools (HKLM-x32\...\{FE728B5E-3753-0F68-EC2D-66ABE2DEC1C1}) (Version: 10.1.19041.1 - Microsoft) Hidden
Windows IP Over USB (HKLM-x32\...\{31F47324-5E87-946A-78F5-55BB06744389}) (Version: 10.1.19041.1 - Microsoft Corporation) Hidden
Windows System Image Manager on amd64 (HKLM-x32\...\{D5CE010A-37F1-27CD-D6A1-61FB1F206892}) (Version: 10.1.19041.1 - Microsoft) Hidden
Wise Care 365 (HKLM-x32\...\Wise Care 365_is1) (Version: 6.6.4 - Lespeed Technology Co., Ltd.)
WPT Redistributables (HKLM-x32\...\{AE00264D-F001-A1D3-F3B8-74A9D2193E7F}) (Version: 10.1.19041.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{FD439F85-AD64-B3E5-9FC5-444AE8C8AF7B}) (Version: 10.1.19041.1 - Microsoft) Hidden
Zoom (HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\ZoomUMX) (Version: 5.3.2 (53291.1011) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-12] ()
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2025-01-10] (Meta)
Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2025-01-10] (www.facebook.com)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.4.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2025-01-10] (HP Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-01-10] (Instagram)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-E4B7766F_42.0.21.1_neutral__ysfa6mcnwr1rw [2025-01-10] (www.instagram.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation) [MS Ad]
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0 [2025-01-10] (Spotify AB) [Startup Task]
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe [2025-01-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\aneva\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.31301\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\aneva\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_351\bin\ssv.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_351\bin\jp2ssv.dll [2022-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-01-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer\;C:\Program Files\dotnet\
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Dual Band Wireless-AC 7265 -> Netwtw02.sys
Ethernet: Intel(R) Ethernet Connection (3) I218-LM -> e1d.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: fpCsEvtSvc => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: GoogleUpdaterInternalService124.0.6315.0 => 2
MSCONFIG\Services: GoogleUpdaterService124.0.6315.0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: WiseBootAssistant => 3
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DCAAE184D52CFB5612A19428B21B7D15"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{162E65B5-EFF1-4242-9ADC-ED2D8EDF359A}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{63EE0D53-5170-4895-8513-7560EFE8CB8E}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{15D9C5C6-576D-43E5-A8DF-09C0EB466322}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1A3609AC-97E6-4774-9F5D-9086A045B99C}C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aneva\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A0D1B02-AD24-4835-8150-A30D21912719}] => (Allow) C:\Users\aneva\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C093911B-004D-4C08-B8AB-E8C2ADFE897D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9A9B3A4D-0EFB-4343-8029-A3D2E76EC63B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{07616710-9E37-4E37-B0B1-CF32565107EE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{102854D4-EFEC-4ED7-B83B-AFF1E2DE7F38}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5E3DE6E7-0ECC-4625-817C-9BFA10F07E47}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{57978E56-7C42-46A2-BE68-7A44AFF42D5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2351DCA2-312A-4F89-B0E8-689F46A89C0D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F6F92B7-44A2-417E-BE53-3271E6F1AE64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D47BBA0-6F04-4FBB-9706-F929DA588743}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD5838FC-F6F0-4C46-899B-39274C5FCA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{E8D5C9AF-F02C-42EA-9EFF-7CC2DCCE07B6}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [UDP Query User{666B4327-CEB4-4CDA-A8C5-0C5FEC8378B8}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [TCP Query User{E8365E2D-5CEA-44A7-8A57-F12742DCAD93}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [UDP Query User{6E5A8B9C-495F-45F0-A5D6-04844517E023}C:\program files\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_351\bin\javaw.exe
FirewallRules: [{259B176D-9AD7-4004-91AB-4D0A66A495A6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CF3B5517-0B89-43F1-B2F7-5612EBD525E5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{784B24AE-CC2F-491D-BF7D-845011A278C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E66FF481-441B-4CC9-9664-4657870664FD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{216ED71D-DDAE-4AAF-9086-39EE16799D17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{376BB26D-DF7F-4191-A761-A067106BB394}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{28C6B1A6-0CFD-47C4-A7B5-7A26AD4BD343}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE582944-65D7-4648-B13C-8BFA483D03BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6448054-79A2-4EE6-AD62-838009AC4D09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF7180B9-B762-4854-8BF6-E8B4E074733D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B1378DF-E72D-4B61-8F90-B9B0E194DCF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67112AF8-F439-4C9F-BE4D-F74BF2F2C125}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53231F30-A279-4225-A7B5-3EEE6B871425}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3B4DB8C-7453-4D7A-B836-073A5F65B790}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99B456AD-90BA-412A-A7A9-D23DCC2141A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5FBAF00E-B6F8-44F3-8439-A9141194A151}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6D4B10A-BBCD-4EA2-AE32-AD0B3E97629B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{47A25814-DBBB-4C71-BDB9-A4B956BE210D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{08B4C8DF-F84F-46DE-B02B-96FF2E0F5F2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4B5FAED3-653E-4A49-8488-F6EDC2DC0741}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{61A32174-7390-4752-B6EF-6F9A486ABDB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EBDBE066-74AF-4770-A329-10D47F6EE812}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{610ACE41-7EE5-4A91-98CB-BD46611E3F56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A9C6A56-8705-4159-B6E5-5449346E32BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2B6F02F0-D1BD-4EF1-AA56-EAA54C61372C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E09FB73B-424B-41C9-A843-F8129B4E62F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3AEC218E-E037-40AB-85B0-882B843F9E3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.253.440.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================

13-01-2025 13:37:56 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============
Name: Intel(R) Ethernet Connection (3) I218-LM
Description: Intel(R) Ethernet Connection (3) I218-LM
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1dexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/13/2025 01:40:44 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (4996,D,23) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:20:33 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,23) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:37 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,18) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,19) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

Error: (01/13/2025 01:15:09 PM) (Source: ESENT) (EventID: 448) (User: )
Description: taskhostw (7088,D,18) WebCacheLocal: V tabulce BlobEntry_189 databáze C:\Users\aneva\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (713, 0x8000000080000035) se zjistila nekonzistence dat.

System errors:
=============
Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Hotkey UWP Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant Updater byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LAN/WLAN/WWAN Switching Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP LAN/WLAN/WWAN Switching UWP Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP CASL Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/13/2025 02:16:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management Engine WMI Provider Registration byla neočekávaně ukončena. Tento stav nastal již 1krát.

Windows Defender:
================
Date: 2025-01-10 18:37:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8E2AF6F2-E708-43F3-978B-41B807A1F49C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-08 18:35:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {98311EDC-28E9-48B5-BD23-B6D4255EFEC3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-06 19:25:58
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2B013A39-BA17-4000-913D-0ABBCE688BD1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-03 18:38:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6E1CED94-70A9-4446-903B-F9EC1ADF0A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-12-07 11:54:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B7D19513-8C64-4ECB-B94B-8C1EBD142529}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2025-01-13 07:31:50
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2025-01-10 14:34:22
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-09 19:49:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-09 17:52:20
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2025-01-08 16:07:02
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1219.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

CodeIntegrity:
===============
Date: 2025-01-13 07:41:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Hewlett-Packard M76 Ver. 01.19 02/18/2020
Motherboard: Hewlett-Packard 2270
Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8067.11 MB
Available physical RAM: 5122.67 MB
Total Virtual: 9347.11 MB
Available Virtual: 6576.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:158.55 GB) (Free:27.15 GB) (Model: SanDisk SD7SN3Q-512G-1006) NTFS
Drive d: (Data) (Fixed) (Total:315.81 GB) (Free:28.18 GB) (Model: SanDisk SD7SN3Q-512G-1006) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.98 GB) (Model: SanDisk SD7SN3Q-512G-1006) FAT32

\\?\Volume{d9dce7f8-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D9DCE7F8)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=158.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\MountPoints2: {96a21118-1aef-11ed-82b8-5ce0c5e4e2a1} - "F:\HiSuiteDownLoader.exe"
Task: {32195EE2-697C-4A7A-A040-85794CC98CD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC)
Task: {7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

EmptyTemp:
End

Uložte do C:\Users\aneva\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2025
Ran by Aneta (13-01-2025 16:01:22) Run:1
Running from C:\Users\aneva\Downloads
Loaded Profiles: Aneta
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\...\MountPoints2: {96a21118-1aef-11ed-82b8-5ce0c5e4e2a1} - "F:\HiSuiteDownLoader.exe"
Task: {32195EE2-697C-4A7A-A040-85794CC98CD7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC)
Task: {7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-1619189103-1846508061-1212913086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96a21118-1aef-11ed-82b8-5ce0c5e4e2a1} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32195EE2-697C-4A7A-A040-85794CC98CD7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32195EE2-697C-4A7A-A040-85794CC98CD7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{5C2944E1-3D8A-4F82-9751-04456646D141}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7612F2FF-9B72-4A71-9CAF-B9EA5A5C890D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BE74F3E3-244C-4580-AEBE-EA4F6BC9486C}" => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81935268 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 29508395 B
Edge => 0 B
Chrome => 126972983 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 111 B
systemprofile32 => 111 B
LocalService => 7019 B
NetworkService => 88933603 B
aneva => 559032676 B

RecycleBin => 0 B
EmptyTemp: => 845.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:02:07 ====

Smazáno. Nastala změna k lepšímu?

Tak zatím po restartu nb naběhl. Tak snad byl problém vyřešen. Děkuji.

To jsem rád a nemáte zač!

VIRY.CZ

Černá obrazovka

Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka

Re: Černá obrazovka