VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir v pc

https://forum.viry.cz:443/viewtopic.php?t=160316

Stránka 1 z 1

Vir v pc

Napsal: 13 bře 2025 17:22
od Petr222
Zdravím, mám u sebe notebook rodičů, začalo jim tam z Chrome chodit jedno známení za druhým že mají v pc XY virů. Po smazání historie se to přestalo zobrazovat

Můžu poprosit o radu jak se toho viru zbavit?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2025
Ran by Michal & Věra (administrator) on LAPTOP-82AITCJV (HP HP 250 G8 Notebook PC) (13-03-2025 17:03:13)
Running from C:\Users\Michal & Věra\Downloads\FRST64.exe
Loaded Profiles: Michal & Věra
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5487 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxEM.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <41>
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\134.0.6998.89\Installer\setup.exe <2>
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_9196e89091d8bdbb\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe <2>
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\41660368-3756-411E-927C-E4988895E2D1\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\E61D364D-FC3B-47A0-839D-45787D0E4411\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.5547_none_7e02b5467c95ffef\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe [3453824 2022-06-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [iVMS-4200.Framework.S] => C:\Program Files (x86)\iVMS-4200 Site\iVMS-4200 Client\Server\iVMS-4200.Framework.S.exe [1085816 2023-07-13] (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
HKU\S-1-5-21-769662815-118642976-3592671742-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-04-23] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-769662815-118642976-3592671742-1001\...\Run: [MicrosoftEdgeAutoLaunch_D2F81673216FDB2F371E213C9CD8345B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4291152 2025-03-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MP550 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9Z.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP550 series: C:\windows\system32\CNMLM9Z.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\134.0.6998.89\Installer\chrmstp.exe [2025-03-13] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E7EB1F9-5A0E-438F-B908-5907EED3603C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {F0481F24-7E13-4676-AD87-9838AFE8A44C} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{2581DC25-5401-4374-9C2C-4809FFFDD019} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
Task: {ACD5A029-A879-4049-A35D-4214EB2CE2AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2025-02-18] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3233E390-CF25-4919-A515-47A7249B4FE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2025-02-18] (HP Inc. -> HP Inc.)
Task: {D03284D5-B3F4-4C4B-B95C-601454D1563A} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {55E758A0-A464-4DC3-8F95-F0DAEC50BDB1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {590F405F-BE46-4EBE-895D-F05D45BDEDEE} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314456 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {D23D0D22-7B58-43AA-A5B3-03C453ECBA5E} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314456 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5382D4C8-F8D8-4259-B32D-1C11B2204F97} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895416 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {050D0B92-7F20-48D5-A1FC-9A67C97D8D68} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28895416 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {91A51E31-0389-4F86-B2C9-CB72F2DC4F30} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314456 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6DFFCD6-D0D3-42B5-A027-D00C1961A579} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [314456 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {B39CE641-3EA6-4B82-98C5-B9A931AD8D42} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [197256 2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBA745B4-1DC0-4332-8F15-536CC5EC97E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2A596C23-775E-4F96-BA91-C67DDE604242} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF1021D9-CD4D-443A-A921-4A2CD452BD01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49FBA738-A34B-4D73-BDC0-E0634273A201} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{354418f0-140b-4ada-a6b0-894897eb288f}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{354418f0-140b-4ada-a6b0-894897eb288f}: [DhcpDomain] home
Tcpip\..\Interfaces\{354418f0-140b-4ada-a6b0-894897eb288f}\75966696F535472716E616B6F66796: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{354418f0-140b-4ada-a6b0-894897eb288f}\846756A7461613: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3649b9d-cd70-4b69-b8eb-99a1667ba0aa}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Michal & Věra\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-08]
Edge Extension: (Dokumenty Google offline) - C:\Users\Michal & Věra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-20]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Michal & Věra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-06-04]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Michal & Věra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2024-06-16]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Michal & Věra\AppData\Local\Google\Chrome\User Data\Default [2025-03-13]
CHR Notifications: Default -> hxxps://cipaineutti.com; hxxps://slovacky.denik.cz; hxxps://www.facebook.com; hxxps://www.lidl.cz
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Michal & Věra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-11]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Michal & Věra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-25]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Michal & Věra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-03-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal & Věra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-07]hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-769662815-118642976-3592671742-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13768944 2025-03-01] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [891256 2020-07-30] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\AppHelperCap.exe [888416 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\DiagsCap.exe [887392 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\NetworkCap.exe [883808 2025-01-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c6d849cb3652cdf7\x64\SysInfoCap.exe [887904 2025-01-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe [1926976 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SECOMNService; C:\windows\System32\SECOMN64.exe [741832 2022-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe [4352456 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe [270056 2025-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\windows\system32\drivers\AmUStorU.sys [135296 2020-10-22] (Alcorlink Corp. -> )
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [279040 2020-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 KslD; C:\windows\System32\drivers\wd\KslD.sys [278944 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
R2 NPF; C:\Program Files (x86)\iVMS-4200 Site\Drivers\npf64.sys [36600 2023-07-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [20016 2025-03-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [601520 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [100768 2025-03-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-13 17:03 - 2025-03-13 17:05 - 000020559 _____ C:\Users\Michal & Věra\Downloads\FRST.txt
2025-03-13 17:02 - 2025-03-13 17:04 - 000000000 ____D C:\FRST
2025-03-13 17:00 - 2025-03-13 17:01 - 002404352 _____ (Farbar) C:\Users\Michal & Věra\Downloads\FRST64.exe
2025-03-13 16:26 - 2025-03-13 16:26 - 000001287 _____ C:\Users\Michal & Věra\Desktop\ESET Online Scanner.lnk
2025-03-13 16:25 - 2025-03-13 16:26 - 000001393 _____ C:\Users\Michal & Věra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-03-13 16:25 - 2025-03-13 16:25 - 000000000 ____D C:\Users\Michal & Věra\AppData\Local\ESET
2025-03-13 15:34 - 2025-03-13 15:34 - 000000000 ___HD C:\$WinREAgent
2025-03-09 13:55 - 2025-03-09 13:55 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-13 17:05 - 2019-12-07 10:03 - 000000000 ____D C:\windows\CbsTemp
2025-03-13 17:02 - 2019-12-07 10:13 - 000000000 ____D C:\windows\INF
2025-03-13 16:58 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-13 16:58 - 2019-12-07 10:14 - 000000000 ____D C:\windows\AppReadiness
2025-03-13 16:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-13 16:19 - 2020-05-06 09:58 - 000000000 ____D C:\windows\system32\SleepStudy
2025-03-13 15:22 - 2022-09-07 17:43 - 000000000 ____D C:\windows\SystemTemp
2025-03-13 15:22 - 2022-09-07 16:39 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-13 15:22 - 2022-09-07 16:39 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-03-13 15:20 - 2022-09-07 16:32 - 000000000 __SHD C:\Users\Michal & Věra\IntelGraphicsProfiles
2025-03-12 15:36 - 2023-01-17 16:37 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-12 15:36 - 2020-12-07 02:57 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-11 17:04 - 2022-09-11 15:49 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2025-03-11 17:03 - 2022-10-12 14:10 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-11 17:03 - 2022-10-12 14:10 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-11 16:58 - 2022-09-07 16:32 - 000000000 ____D C:\Users\Michal & Věra\AppData\Local\D3DSCache
2025-03-09 13:53 - 2020-12-07 03:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-03-08 10:21 - 2020-12-07 02:57 - 000003640 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-08 10:21 - 2020-12-07 02:57 - 000003516 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-07 11:26 - 2022-09-07 19:06 - 000000000 ____D C:\windows\system32\Tasks\Hewlett-Packard
2025-03-07 10:38 - 2020-05-06 09:58 - 000000000 ____D C:\windows\system32\Drivers\wd
2025-03-04 15:40 - 2023-06-18 06:59 - 000002408 _____ C:\Users\Michal & Věra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-04 15:40 - 2022-09-07 16:35 - 000003584 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-769662815-118642976-3592671742-1001
2025-03-04 15:40 - 2022-09-07 16:34 - 000003400 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-769662815-118642976-3592671742-1001
2025-02-25 13:34 - 2022-09-11 15:00 - 000000000 ____D C:\Users\Michal & Věra\Desktop\fotky
2025-02-16 11:53 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-02-15 10:50 - 2020-12-07 11:39 - 000685078 _____ C:\windows\system32\perfh005.dat
2025-02-15 10:50 - 2020-12-07 11:39 - 000137842 _____ C:\windows\system32\perfc005.dat
2025-02-15 10:50 - 2020-05-06 10:03 - 001656144 _____ C:\windows\system32\PerfStringBackup.INI
2025-02-14 19:49 - 2020-12-07 02:57 - 000000000 ____D C:\Intel
2025-02-14 19:49 - 2020-05-06 09:58 - 000582824 _____ C:\windows\system32\FNTCACHE.DAT
2025-02-14 19:49 - 2020-05-06 09:58 - 000008192 ___SH C:\DumpStack.log.tmp
2025-02-14 19:49 - 2020-05-06 09:58 - 000000006 ____H C:\windows\Tasks\SA.DAT
2025-02-14 19:49 - 2019-12-07 10:14 - 000000000 ____D C:\windows\ServiceState
2025-02-14 19:48 - 2024-07-14 08:41 - 000000000 ____D C:\windows\system32\compatrel
2025-02-14 19:48 - 2023-12-14 20:03 - 000000000 ____D C:\windows\InboxApps
2025-02-14 19:48 - 2022-09-07 16:30 - 000000000 ____D C:\Users\Michal & Věra
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\SysWOW64\setup
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\SystemResources
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\system32\setup
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\system32\oobe
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\ShellExperiences
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\windows\bcastdvr
2025-02-14 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2025-02-14 19:48 - 2019-12-07 10:03 - 001048576 _____ C:\windows\system32\config\BBI
2025-02-14 19:48 - 2019-12-07 10:03 - 000000000 ____D C:\windows\servicing
2025-02-14 12:45 - 2020-05-06 10:01 - 003016192 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2025-02-14 12:26 - 2022-09-07 16:48 - 000000000 ____D C:\windows\system32\MRT
2025-02-14 12:23 - 2022-09-07 16:48 - 209365816 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2025
Ran by Michal & Věra (13-03-2025 17:08:25)
Running from C:\Users\Michal & Věra\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5487 (X64) (2021-10-28 23:08:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-769662815-118642976-3592671742-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-769662815-118642976-3592671742-503 - Limited - Disabled)
Guest (S-1-5-21-769662815-118642976-3592671742-501 - Limited - Disabled)
Michal & Věra (S-1-5-21-769662815-118642976-3592671742-1001 - Administrator - Enabled) => C:\Users\Michal & Věra
WDAGUtilityAccount (S-1-5-21-769662815-118642976-3592671742-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20432 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Advanced IP Scanner 2.5.1 (HKLM-x32\...\{A1264137-992D-4163-9158-FC398DD88DA4}) (Version: 2.5.4594.1 - Famatech)
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - Canon Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 134.0.6998.89 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
iVMS-4200 (HKLM-x32\...\{CE2F96D0-63D2-4B9C-A8D6-0D1A60840BD8}) (Version: 3.10.0.6 - Hangzhou Hikvision Digital Technology Co., Ltd.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18526.20144 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18526.20144 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.18526.20144 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 134.0.3124.66 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 133.0.3065.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-769662815-118642976-3592671742-1001\...\OneDriveSetup.exe) (Version: 25.020.0202.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29112 (HKLM\...\{1B4EDD59-90CE-4BDE-8520-630981088165}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29112 (HKLM\...\{37BB1766-C587-49AE-B2DB-618FBDEAB88C}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29112 (HKLM-x32\...\{526B224D-6B70-4A2A-9D03-CE304B5125D6}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29112 (HKLM-x32\...\{42163859-095F-469B-A0B0-7748500570D1}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18526.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
OpenOffice 4.1.13 (HKLM-x32\...\{D86F0E67-2C02-4DFF-A46A-6871BA809A51}) (Version: 4.113.9810 - Apache Software Foundation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-13] ()
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.30.0_x64__xbfy0k16fey96 [2025-02-07] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-10-28] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.35.264.0_x64__v10z8vjag6ke6 [2022-12-11] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.7.2.0_x64__v10z8vjag6ke6 [2025-03-13] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-08-18] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-09-10] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.1.1131.0_x64__v10z8vjag6ke6 [2025-03-09] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.42.15.0_x64__v10z8vjag6ke6 [2025-03-07] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_3.1.4.0_x64__v10z8vjag6ke6 [2025-01-20] (HP Inc.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2502.5001.0_x64__8wekyb3d8bbwe [2025-02-14] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-09-09] (Microsoft Corporation)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-08] (INTEL CORP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{7d043d4e-4259-f459-3630-7b434fd7752c}\localserver32 -> C:\Program Files\HP\HP Media Network\HPMediaNetwork.exe (HP Inc. -> HP Inc.)
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-769662815-118642976-3592671742-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=203&RedeemCode=UwScvEEhWJXUJZWdNqC9Fk64Mu9jio5DA2UAYDRWGHIQdlJqIGXQpiQQJYffjssHDc55N%2fAckIvyi7mbxkHupBtj5CY1Qu2BNMfO5FakQO7ADO5pu9r2CyrDdRjzNlnU9HPoXEzw7zdC9ttwY1mDZjT83h%2fXvcgVXyAVUY%2beZOw%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge

==================== Loaded Modules (Whitelisted) =============

2025-01-27 12:42 - 2025-01-27 12:42 - 000138240 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9598ca96adcc0ca69c9aab02740285df\Interop.IWshRuntimeLibrary.ni.dll
2025-01-20 10:42 - 2025-01-20 10:42 - 000869376 _____ (.NET Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.T417b639d#\75490e8a5fa2a290f58c8ed742cd453b\Microsoft.Toolkit.Uwp.Notifications.ni.dll
2025-01-20 11:18 - 2025-01-20 11:18 - 000134656 _____ (hardcodet.net) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\add51fe13e040d509af3e30f25fdbfc0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2025-01-20 10:43 - 2025-01-20 10:43 - 000432128 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\LauncherSDK\e429a0da8c01bbfb60111abb02574fc9\LauncherSDK.ni.dll
2025-01-20 10:43 - 2025-01-20 10:43 - 000037888 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Logging\f83258b406f7e0011032448137b9e628\Logging.ni.dll
2025-01-20 10:43 - 2025-01-20 10:43 - 000153088 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\RpcClient\5eb29205e8622c36ff2f873c925e0073\RpcClient.ni.dll
2025-01-20 10:43 - 2025-01-20 10:43 - 000118272 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\WMISDK\2f0514d286050fa258df463fe1ada8f9\WMISDK.ni.dll
2025-01-27 12:42 - 2025-01-27 12:42 - 001700864 _____ (Mark Heath & Contributors) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\NAudio\a880c9cde4bc51b3a2864ed9eacfcaf9\NAudio.ni.dll
2020-12-07 03:07 - 2020-12-07 03:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-12-07 03:07 - 2020-12-07 03:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-01-27 12:41 - 2025-01-27 12:41 - 003062272 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\bb25e6d0a1a36a36fe8b9a04b77bc1b7\Newtonsoft.Json.ni.dll
2025-01-20 10:42 - 2025-01-20 10:42 - 003884544 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\16b5644c5c2fc36401b8037787a12985\Newtonsoft.Json.ni.dll
2025-01-27 12:39 - 2025-01-27 12:39 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\log4net\14603f5c0b2f199021dbceffa2b4dbc7\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

SearchScopes: HKLM -> {275FDF76-136D-499F-9E8E-946F97617C7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {275FDF76-136D-499F-9E8E-946F97617C7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-769662815-118642976-3592671742-1001 -> {275FDF76-136D-499F-9E8E-946F97617C7A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2025-02-18] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2025-02-18] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-03-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-769662815-118642976-3592671742-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michal & Věra\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\10328334407399340210\133759826356660831.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Realtek RTL8821CE 802.11ac PCIe Adapter -> rtwlane.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-769662815-118642976-3592671742-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-769662815-118642976-3592671742-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D2F81673216FDB2F371E213C9CD8345B"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{6569013F-9D22-46B3-BDAA-443D1679EC65}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{9B7C3F2E-A44A-4E0C-B199-C31D60F4231C}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [{AF7D6338-B457-46C6-97C3-FCE70DED74CF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{834F18B3-B4D9-4805-BEE4-CD6BE2C412C3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AC44028-9775-4EF1-80BB-B7BB220E5DA6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C124CB1E-1C13-4631-AEAF-2E107BC4748E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B4691A9E-319B-4F5D-BAD9-DB8E5FD1861C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D7CFD8D-50E8-4973-B068-BFBC45D5D07E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A5ABB54-A022-408E-A0A7-7C5D70F54663}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.43 GB) (Free:38.58 GB) (33%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/25/2025 08:28:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: LAPTOP-82AITCJV)
Description: Aktualizaci Adobe Acrobat Reader (24.005.20421) produktu Adobe Acrobat (64-bit) nebylo možné nainstalovat. Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/25/2025 08:28:19 AM) (Source: MsiInstaller) (EventID: 11719) (User: LAPTOP-82AITCJV)
Description: Produkt: Adobe Acrobat (64-bit) -- Chyba 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (02/14/2025 07:51:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnService, verze: 10.0.19041.4355, časové razítko: 0x9ce47784
Název chybujícího modulu: wpnprv.dll, verze: 10.0.19041.4355, časové razítko: 0x0765ee3a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002abd2
ID chybujícího procesu: 0x1118
Čas spuštění chybující aplikace: 0x01db7f11252f3d77
Cesta k chybující aplikaci: C:\windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\windows\System32\wpnprv.dll
ID zprávy: 854937a5-9454-4422-8b0f-e3de61e30679
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/17/2025 05:30:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..

Error: (01/17/2025 05:30:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]

Error: (12/30/2024 01:10:22 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {9E8536E4-B5FF-45CB-899C-E42F925C6A8B}

Error: (12/30/2024 01:09:40 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {04489302-4CD7-4758-BBEE-C9FC6A15976D}

Error: (12/30/2024 01:09:24 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {77A67D30-6133-49FF-AE23-97EA14B4286C}


System errors:
=============
Error: (03/13/2025 04:57:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9P4W8RFN9M2T-AD2F1837.HPSystemEventUtility.

Error: (03/11/2025 05:25:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (03/10/2025 03:47:34 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-82AITCJV)
Description: Server Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/09/2025 01:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070050): Aktualizace bezpečnostních informací pro Microsoft Defender Antivirus – KB2267602 (verze 1.423.306.0) – Aktuální kanál (široká distribuce).

Error: (03/07/2025 11:25:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (03/07/2025 10:39:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/04/2025 08:17:23 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-82AITCJV)
Description: Server microsoft.windowscommunicationsapps_16005.14326.22301.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/04/2025 08:17:23 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-82AITCJV)
Description: Server Microsoft.YourPhone_1.25012.100.0_x64__8wekyb3d8bbwe!App.AppX3vhsrrrr4az9vb3h5mjdzkhtshkg5v0x.mca se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2025-03-11 17:25:33
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-03-10 18:00:34
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-03-09 15:01:40
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-03-04 16:18:38
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání

Date: 2025-03-03 15:53:00
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání
Event[0]:

Date: 2025-03-09 13:51:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.423.290.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.25010.7
Error code: 0x80070050
Error description: Soubor existuje.

Date: 2025-02-07 10:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1729.0
Update Source: Server Microsoft Update
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070102
Error description: Vypršel časový limit operace čekání.

Date: 2025-02-07 10:53:33
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1729.0
Update Source: Server Microsoft Update
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070102
Error description: Vypršel časový limit operace čekání.

Date: 2024-12-08 18:27:42
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.635.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2024-12-08 18:27:42
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.635.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2023-12-03 12:56:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-29 12:49:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-30 12:13:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.63 08/24/2023
Motherboard: HP 85F5
Processor: Intel(R) Celeron(R) N4020 CPU @ 1.10GHz
Percentage of memory in use: 70%
Total physical RAM: 3907.01 MB
Available physical RAM: 1135.96 MB
Total Virtual: 6511.04 MB
Available Virtual: 2300.05 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.43 GB) (Free:38.58 GB) (Model: SSSTC CVB-8D128-HP) NTFS

\\?\Volume{8b25612a-0337-4df0-bf17-e871948f1b2a}\ (Windows RE tools) (Fixed) (Total:0.53 GB) (Free:0.06 GB) NTFS
\\?\Volume{5e91a7f4-a217-42c9-9c77-809c1dbcfc69}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 526F2C2C)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Vir v pc

Napsal: 13 bře 2025 18:02
od Rudy
Zdravím!
Spusťte nejprve tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Vir v pc

Napsal: 13 bře 2025 18:27
od Petr222
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-13-2025
# Duration: 00:00:22
# OS: Windows 10 (Build 19045.5608)
# Scanned: 32109
# Detected: 18


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55E758A0-A464-4DC3-8F95-F0DAEC50BDB1}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Michal & Věra\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Vir v pc

Napsal: 13 bře 2025 18:53
od Rudy
Tohle vypadá v pořádku, preinstalled jsou utility od HP. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
Task: {F0481F24-7E13-4676-AD87-9838AFE8A44C} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{2581DC25-5401-4374-9C2C-4809FFFDD019} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:
End
Uložte do C:\Users\Michal & Věra\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Vir v pc

Napsal: 13 bře 2025 20:59
od Petr222
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2025
Ran by Michal & Věra (13-03-2025 20:48:10) Run:1
Running from C:\Users\Michal & Věra\Downloads
Loaded Profiles: Michal & Věra
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {F0481F24-7E13-4676-AD87-9838AFE8A44C} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{2581DC25-5401-4374-9C2C-4809FFFDD019} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0481F24-7E13-4676-AD87-9838AFE8A44C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0481F24-7E13-4676-AD87-9838AFE8A44C}" => removed successfully
C:\windows\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{2581DC25-5401-4374-9C2C-4809FFFDD019} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{2581DC25-5401-4374-9C2C-4809FFFDD019}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 471562862 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 114972138 B
Edge => 0 B
Chrome => 61468243 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1101 B
systemprofile32 => 1101 B
LocalService => 9877 B
NetworkService => 807845 B
Michal & Věra => 7956568894 B

RecycleBin => 753211687 B
EmptyTemp: => 8.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:51:28 ====

Re: Vir v pc

Napsal: 14 bře 2025 12:51
od Rudy
Smazáno. Nastala nějaká změna?

Re: Vir v pc

Napsal: 14 bře 2025 14:06
od Petr222
Bohužel nedokážu odpovědět protože jak jsem psal, po smazání historie to přestalo dělat. Ale i tak moc děkuju. :) Jdu ještě otevřít nové téma v prevenci pro můj pc, pak Vám s radostí pošlu příspěvěk. :closed:

Re: Vir v pc

Napsal: 14 bře 2025 16:05
od Rudy
Petr222 píše: 14 bře 2025 14:06 Bohužel nedokážu odpovědět protože jak jsem psal, po smazání historie to přestalo dělat. Ale i tak moc děkuju. :) Jdu ještě otevřít nové téma v prevenci pro můj pc, pak Vám s radostí pošlu příspěvěk. :closed:
OK. Kdyby něco, ozvěte se. Máme tu na fóru interní dohodu, že já nebudu dělat posty v prevenci, pokud nebudou starší 24hod. Buď vám to udělá kolega, nebo já, ale až po 24hod. Omlouvám se.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz