PC infected, cannot run avast, ESET, or even ONLINE ESET

Posted: 30 Apr 2025 18:50
by djkarer1994
The PC has a parasite in it; it blocks antivirus programs and pages linking to antivirus software and malware detectors.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2025
Ran by Jaroslav Reichel (30-04-2025 19:41:38)
Running from C:\Users\Jaroslav Reichel\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) (2021-03-27 16:21:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2966077403-802055689-1139997306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2966077403-802055689-1139997306-503 - Limited - Disabled)
Guest (S-1-5-21-2966077403-802055689-1139997306-501 - Limited - Disabled)
Jaroslav Reichel (S-1-5-21-2966077403-802055689-1139997306-1001 - Administrator - Enabled) => C:\Users\Jaroslav Reichel
WDAGUtilityAccount (S-1-5-21-2966077403-802055689-1139997306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 25.001.20474 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.8.0.0 - GIGABYTE Technology Co.,Inc.)
Call of Duty 4 - Modern Warfare verze 1.7 (HKLM-x32\...\{826D7727-6105-4C5D-A049-E4BADBC8BAAB}_is1) (Version: 1.7 - tomi2k9)
Call Of Duty(R) 2 (HKLM-x32\...\{DBECFA83-42DC-4585-A970-A764AB01A956}) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 6.11 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.1.0 - IObit)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.5.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.2 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.98 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.18623.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\OneDriveSetup.exe) (Version: 23.214.1015.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25017 (HKLM\...\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25017 (HKLM\...\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017 (HKLM-x32\...\{68306422-7C57-373F-8860-D26CE4BA2A15}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017 (HKLM-x32\...\{582EA838-9199-3518-A05C-DB09462F68EC}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.5 - Power Software Ltd)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Studie vylepšování produktu HP Deskjet 3540 series (HKLM\...\{377A8182-90CD-4AD8-BF1C-B757EC83724E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.65.4 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1022 - McAfee, LLC)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-12-12] ()
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3011.1.0_x64__kgqvnymyfvs32 [2025-04-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.3000.0_x64__rz1tebttyb220 [2025-03-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2024-12-31] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-05] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-27] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-26] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-29] ()

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\nvshext.dll [2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-04-30 18:46 - 2025-04-30 18:46 - 000029480 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2020-04-19 01:53 - 2020-04-19 01:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-19 01:53 - 2020-04-19 01:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2023-11-12 20:56 - 000001633 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 get-seeders.com
127.0.0.1 tracker.cgpeers.to
127.0.0.1 proxy.siambit.me
127.0.0.1 tracker.iptorrent.com
127.0.0.1 zb-ann.com
127.0.0.1 www.eset.com
127.0.0.1 iploc.eset.com
127.0.0.1 repository.eset.com
127.0.0.1 www.avast.com
127.0.0.1 www.malwarebytes.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.edf.eset.com
127.0.0.1 www.update.eset.com
127.0.0.1 www.kaspersky.co.th
127.0.0.1 www.kaspersky.com.br
127.0.0.1 usa.kaspersky.com
127.0.0.1 ark.mwbsys.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 iavs9x.avg.u.avcdn.net
127.0.0.1 shepherd.ff.avast.com
127.0.0.1 iavs9x.u.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 www.avg.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.avira.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi 2: Qualcomm Atheros 11G USB Wireless Network Adapter -> athuwbx.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C447807-E6DE-4380-B43C-A3A9E3A1726C}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{49151329-B8F7-434B-85B1-F8AEA937E7DD}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{750646EF-A8BC-4465-BB8D-DF2AFBFE95FA}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{B6980FE1-78D0-402B-BB96-E57B3DBE2F6A}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7956B952-3647-434E-8890-BC82644C2401}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CDE04448-1F89-40E0-BDFE-9ED00B5E930B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E91A13F7-2221-44A1-BE72-55DAD6F6FD0B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEFBB698-D78B-4EAD-8B4B-EECCE4138A28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1016C69-7560-41A5-8AC6-76D7816AC948}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0257DE4B-7CE9-4C7C-AB95-60FBDB8BABB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B08EAC9-03CC-43AC-A3F4-58341A1CB7DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AAC02CA-E53E-40B7-9BE3-9C9E7A0A5088}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.98\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60173047-D48D-4FA6-9866-136AAA29C233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C86E6DE4-B2B5-4F87-8B35-3EDE19C1DD9C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B3CF8EA-EBA8-4D3F-82EB-6569649941D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{278E5BF7-B6BE-48DD-9EF2-6413FCFEE6BD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{35F69948-16BC-42A8-8BED-3F5C6B639C86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-04-2025 09:03:48 Instalační služba modulů systému Windows
23-04-2025 19:38:42 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/30/2025 07:10:09 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll (kód chyby Win32 126).

Error: (04/30/2025 07:10:09 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll (kód chyby Win32 126).

Error: (04/30/2025 06:47:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/30/2025 06:47:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/30/2025 06:47:32 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (04/30/2025 06:47:32 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (04/30/2025 06:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TeamViewer_Service.exe, verze: 15.1.3937.0, časové razítko: 0x5df7a8c5
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.5737, časové razítko: 0x2f8c0a5c
Kód výjimky: 0xc0000005
Posun chyby: 0x0005fb03
ID chybujícího procesu: 0x115c
Čas spuštění chybující aplikace: 0x01dbb914d2425e72
Cesta k chybující aplikaci: C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 436eff6c-5f98-42e4-bd37-279dbbd7d9bf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/30/2025 06:25:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (04/30/2025 06:45:59 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: not terminated, too long or invalid number of separators

Error: (04/30/2025 01:50:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7ROS5EQ)
Description: Server {7E203817-236D-4E25-B5C9-EC22048B2B6D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/29/2025 04:43:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (04/29/2025 04:43:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/29/2025 04:43:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).


Windows Defender:
================
Date: 2025-04-25 13:17:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-19 19:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-17 15:24:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-15 08:57:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-12 16:34:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2024-11-12 16:38:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2024-11-12 16:38:18
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2023-11-25 18:48:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-11-05 12:33:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3602 03/26/2018
Motherboard: ASUSTeK COMPUTER INC. H81M-C
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 64%
Total physical RAM: 8127.95 MB
Available physical RAM: 2863.74 MB
Total Virtual: 9407.95 MB
Available Virtual: 2856.63 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:360.27 GB) (Free:289.56 GB) (Model: ST2000DX001-1CM164) NTFS
Drive d: (Data) (Fixed) (Total:1501.69 GB) (Free:414.36 GB) (Model: ST2000DX001-1CM164) NTFS

\\?\Volume{50fb8be9-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{50fb8be9-0000-0000-0000-d0335a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 50FB8BE9)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=360.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1501.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2025
Ran by Jaroslav Reichel (administrator) on DESKTOP-7ROS5EQ (ASUS All Series) (30-04-2025 19:44:39)
Running from C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
Loaded Profiles: Jaroslav Reichel
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> ) C:\Program Files\TeamViewer\crashpad_handler.exe <3>
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(C:\Program Files\WinRAR\WinRAR.exe ->) (NoVirusThanks Company Srl) [File not signed] C:\Users\Jaroslav Reichel\AppData\Local\Temp\Rar$EXa1492.49584\PORTABLE\NMR.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(explorer.exe ->) (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(wscript.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-09-15] (Power Software Limited -> Power Software Ltd)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40412984 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4419624 2025-04-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3540 series): C:\Windows\system32\HPDiscoPMC711.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-04-29] (Google LLC -> Google LLC)
Startup: C:\Users\Jaroslav Reichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.js [2023-11-12] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C576CEB8-EBF8-4D65-BEAF-9EBFDCCF8C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {DEB9035E-9EE5-4AA4-B5EF-F2F72381D302} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7129.0{CAA1991C-8AC8-4790-964E-C3F5B310679E} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7129.0\updater.exe [7375968 2025-04-17] (Google LLC -> Google LLC)
Task: {F56ED2D2-0B90-4379-9E3E-1599DDB05BF4} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B003309-CEC0-4813-8320-08884F1744FF} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {699D5652-4FEC-4F9A-A7DF-60D2CC330FB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {988443E6-BD3C-4AAB-84DD-75D4D8C2AF5A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A236DBA4-9CF6-4D6A-9D24-D2D3B4175981} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9132D345-36F8-4440-88B2-61CDCE2870EA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C075B164-567A-474D-B8AB-57906650AEDC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {522A0C3D-D05E-40D1-B102-6D8BA5F5C15F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [204400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {58D3CC20-4144-4B93-A146-3739A9CEE889} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6863381B-68B9-42CD-8115-37BC23B70964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6ACC3C9-4186-40A3-9CD0-0EA7FC7BAF01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C96F53B-234A-4430-937D-44BD2AA81262} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}\255696368656C6F546F6D616F5B6C696D6E6564713: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{950c552e-0b41-4321-a994-df8bd6290d1d}: [DhcpNameServer] 192.168.255.1 192.168.255.101 172.16.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-30]
Edge Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bobgdmjpamhpbiobbklajbdkgmmmbcja [2024-05-16]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge HKLM\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKLM-x32\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2025-04-30] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default [2025-04-30]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-04-25]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-21]
CHR Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbjhdkjmpgjgcbcdlhkokkckpjmedgc [2025-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943216 2025-04-30] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [23743792 2025-04-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109504 2019-01-10] (Alcorlink Corp. -> )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-11] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-10] (Martin Malik - REALiX -> REALiX(tm))
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

Posted: 30 Apr 2025 19:52
by Rudy
Try running this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasim)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako spravce); on Win XP just launch it with a normal double-click
click Scan now (Skenovat nyni), then Clean and Repair (Cisteni a opravy)
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
If it does not work in normal mode, try safe mode.

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

Posted: 01 May 2025 09:44
by djkarer1994
# -------------------------------
# Malwarebytes AdwCleaner 8.5.1.601
# -------------------------------
# Build: 03-26-2025
# Database: 2025-04-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-01-2025
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.5737)
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Jaroslav Reichel\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Jaroslav Reichel\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2405 octets] - [01/05/2025 10:39:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: PC infected, cannot run avast, ESET, or ESET ONLINE

Posted: 01 May 2025 10:02
by Rudy
OK, something was deleted. Now post new FRST+Addition logs.

Re: PC infected, cannot run avast, ESET, or ESET ONLINE

Posted: 02 May 2025 18:50
by djkarer1994
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2025
Ran by Jaroslav Reichel (administrator) on DESKTOP-7ROS5EQ (ASUS All Series) (02-05-2025 19:42:53)
Running from C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
Loaded Profiles: Jaroslav Reichel
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> ) C:\Program Files\TeamViewer\crashpad_handler.exe <2>
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(explorer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(wscript.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-09-15] (Power Software Limited -> Power Software Ltd)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40412984 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4419624 2025-04-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3540 series): C:\Windows\system32\HPDiscoPMC711.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-04-29] (Google LLC -> Google LLC)
Startup: C:\Users\Jaroslav Reichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.js [2023-11-12] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C576CEB8-EBF8-4D65-BEAF-9EBFDCCF8C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {DEB9035E-9EE5-4AA4-B5EF-F2F72381D302} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7129.0{CAA1991C-8AC8-4790-964E-C3F5B310679E} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7129.0\updater.exe [7375968 2025-04-17] (Google LLC -> Google LLC)
Task: {F56ED2D2-0B90-4379-9E3E-1599DDB05BF4} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B003309-CEC0-4813-8320-08884F1744FF} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {699D5652-4FEC-4F9A-A7DF-60D2CC330FB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {988443E6-BD3C-4AAB-84DD-75D4D8C2AF5A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A236DBA4-9CF6-4D6A-9D24-D2D3B4175981} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9132D345-36F8-4440-88B2-61CDCE2870EA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C075B164-567A-474D-B8AB-57906650AEDC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {522A0C3D-D05E-40D1-B102-6D8BA5F5C15F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [204400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {58D3CC20-4144-4B93-A146-3739A9CEE889} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6863381B-68B9-42CD-8115-37BC23B70964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6ACC3C9-4186-40A3-9CD0-0EA7FC7BAF01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C96F53B-234A-4430-937D-44BD2AA81262} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}\255696368656C6F546F6D616F5B6C696D6E6564713: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{950c552e-0b41-4321-a994-df8bd6290d1d}: [DhcpNameServer] 192.168.255.1 192.168.255.101 172.16.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-01]
Edge Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bobgdmjpamhpbiobbklajbdkgmmmbcja [2024-05-16]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge HKLM\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKLM-x32\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2025-04-30] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default [2025-05-02]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-05-02]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-21]
CHR Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbjhdkjmpgjgcbcdlhkokkckpjmedgc [2025-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943216 2025-04-30] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [23743792 2025-04-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109504 2019-01-10] (Alcorlink Corp. -> )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-11] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-10] (Martin Malik - REALiX -> REALiX(tm))
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-02 19:42 - 2025-05-02 19:42 - 002405376 _____ (Farbar) C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
2025-05-02 19:42 - 2025-05-02 19:42 - 000000000 ____D C:\Users\Jaroslav Reichel\Downloads\FRST-OlderVersion
2025-05-01 10:40 - 2025-05-01 10:40 - 000002373 _____ C:\Users\Jaroslav Reichel\Desktop\AdwCleaner[C00].txt
2025-05-01 10:38 - 2025-05-01 10:39 - 000000000 ____D C:\AdwCleaner
2025-05-01 10:32 - 2025-05-01 10:32 - 009568256 _____ (Malwarebytes) C:\Users\Jaroslav Reichel\Desktop\adwcleaner.exe
2025-04-30 19:35 - 2025-04-30 19:52 - 000039439 _____ C:\Users\Jaroslav Reichel\Downloads\Addition.txt
2025-04-30 19:30 - 2025-05-02 19:45 - 000021844 _____ C:\Users\Jaroslav Reichel\Downloads\FRST.txt
2025-04-30 19:28 - 2025-05-02 19:44 - 000000000 ____D C:\FRST
2025-04-30 19:20 - 2025-04-30 19:20 - 000000000 ____D C:\Users\Jaroslav Reichel\Desktop\HijackThisPortable
2025-04-30 19:18 - 2025-04-30 19:18 - 002092160 _____ (PortableApps.com) C:\Users\Jaroslav Reichel\Desktop\HijackThisPortable_2.10.0.10.paf.exe
2025-04-30 19:11 - 2025-04-30 19:11 - 001549314 _____ C:\Users\Jaroslav Reichel\Desktop\nmr_portable.zip
2025-04-30 19:09 - 2025-04-30 19:09 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-30 19:08 - 2025-04-30 19:08 - 002834160 _____ (Malwarebytes) C:\Users\Jaroslav Reichel\Desktop\MBSetup.exe
2025-04-30 18:56 - 2025-04-30 18:56 - 010687344 _____ (ESET) C:\Users\Jaroslav Reichel\Desktop\eset_smart_security_premium_live_installer.exe
2025-04-30 18:43 - 2025-04-30 18:43 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2025-04-30 18:43 - 2025-04-30 18:43 - 000000887 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2025-04-30 18:42 - 2025-05-01 10:35 - 000000000 ____D C:\Program Files\TeamViewer
2025-04-30 18:38 - 2025-04-30 18:42 - 076670760 _____ (TeamViewer Germany GmbH) C:\Users\Jaroslav Reichel\Downloads\TeamViewer_Setup_x64.exe
2025-04-29 11:29 - 2025-04-29 11:29 - 003182665 _____ C:\Users\Jaroslav Reichel\Downloads\PFG_Komis._s_Kněževes_Reichel_podepsaná.pdf
2025-04-29 11:27 - 2025-04-29 11:27 - 003873861 _____ C:\Users\Jaroslav Reichel\Downloads\Kupní_smlouva_Košut_Kněževes-konverze.pdf
2025-04-29 11:27 - 2025-04-29 11:27 - 003068472 _____ C:\Users\Jaroslav Reichel\Downloads\ZP_Kněževes_u_Prahy.pdf
2025-04-29 11:26 - 2025-04-29 11:26 - 001576096 _____ C:\Users\Jaroslav Reichel\Downloads\PFG_invest_A4.pdf
2025-04-29 09:55 - 2025-04-29 09:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-04-29 09:53 - 2025-04-29 09:53 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2025-04-29 09:53 - 2025-04-29 09:53 - 000002130 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2025-04-12 16:45 - 2025-04-12 16:50 - 046304064 _____ (Samsung Electronics) C:\Users\Jaroslav Reichel\Downloads\Smart.Switch.PC_Setup.exe
2025-04-12 16:19 - 2022-09-30 05:24 - 000174112 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2025-04-12 16:19 - 2022-09-30 05:23 - 000167440 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2025-04-12 16:18 - 2025-04-12 16:18 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2025-04-12 09:08 - 2025-04-12 09:08 - 000000000 ___HD C:\$WinREAgent
2025-04-05 09:24 - 2025-04-05 09:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-02 19:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-02 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-05-02 19:39 - 2020-01-18 16:11 - 000000000 ____D C:\ProgramData\NVIDIA
2025-05-02 12:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-01 10:41 - 2021-03-27 18:13 - 001619426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-05-01 10:41 - 2019-12-07 16:43 - 000686884 _____ C:\WINDOWS\system32\perfh005.dat
2025-05-01 10:41 - 2019-12-07 16:43 - 000139312 _____ C:\WINDOWS\system32\perfc005.dat
2025-05-01 10:41 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Roaming\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\LocalLow\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\ProgramData\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Program Files (x86)\IObit
2025-05-01 10:34 - 2024-09-11 20:16 - 000008192 ___SH C:\DumpStack.log.tmp
2025-05-01 10:34 - 2021-03-27 18:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-05-01 10:34 - 2021-03-27 17:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-04-30 18:46 - 2021-03-27 17:55 - 000288656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-04-30 18:46 - 2019-11-15 14:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-04-30 18:44 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-04-30 18:43 - 2019-11-15 14:59 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Local\TeamViewer
2025-04-30 18:37 - 2019-11-15 14:59 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Roaming\TeamViewer
2025-04-29 21:31 - 2021-12-18 10:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-29 21:31 - 2019-01-10 19:38 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-29 16:42 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-29 16:42 - 2018-12-13 19:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-04-27 02:58 - 2020-07-16 07:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-27 02:58 - 2020-07-16 07:42 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-04-23 19:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-23 09:40 - 2019-01-10 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
2025-04-12 17:55 - 2024-07-13 14:49 - 000000000 ____D C:\WINDOWS\system32\compatrel
2025-04-12 17:55 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-12 17:54 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-12 09:47 - 2021-03-27 17:58 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-04-10 03:25 - 2018-12-14 02:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-04-07 11:34 - 2020-01-26 20:24 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Local\CrashDumps
2025-04-06 09:52 - 2023-11-17 16:26 - 000003716 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{5DF12039-6AFC-40B9-BE36-B40A6306EFE6}
2025-04-06 09:52 - 2023-11-17 16:26 - 000003592 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{B7D08817-B02B-43EF-9C91-D4017A77167F}

==================== Files in the root of some directories ========

2020-01-18 16:20 - 2020-01-18 16:20 - 000280796 _____ () C:\Users\Jaroslav Reichel\AppData\Roaming\we8_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2019-11-15 14:21 - 2019-11-15 14:21 - 000007605 _____ () C:\Users\Jaroslav Reichel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2025
Ran by Jaroslav Reichel (02-05-2025 19:46:49)
Running from C:\Users\Jaroslav Reichel\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) (2021-03-27 16:21:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2966077403-802055689-1139997306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2966077403-802055689-1139997306-503 - Limited - Disabled)
Guest (S-1-5-21-2966077403-802055689-1139997306-501 - Limited - Disabled)
Jaroslav Reichel (S-1-5-21-2966077403-802055689-1139997306-1001 - Administrator - Enabled) => C:\Users\Jaroslav Reichel
WDAGUtilityAccount (S-1-5-21-2966077403-802055689-1139997306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 25.001.20474 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.8.0.0 - GIGABYTE Technology Co.,Inc.)
Call of Duty 4 - Modern Warfare verze 1.7 (HKLM-x32\...\{826D7727-6105-4C5D-A049-E4BADBC8BAAB}_is1) (Version: 1.7 - tomi2k9)
Call Of Duty(R) 2 (HKLM-x32\...\{DBECFA83-42DC-4585-A970-A764AB01A956}) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 6.11 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.1.0 - IObit)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.5.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.2 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.98 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.18623.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\OneDriveSetup.exe) (Version: 23.214.1015.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25017 (HKLM\...\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25017 (HKLM\...\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017 (HKLM-x32\...\{68306422-7C57-373F-8860-D26CE4BA2A15}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017 (HKLM-x32\...\{582EA838-9199-3518-A05C-DB09462F68EC}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.5 - Power Software Ltd)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Studie vylepšování produktu HP Deskjet 3540 series (HKLM\...\{377A8182-90CD-4AD8-BF1C-B757EC83724E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.65.4 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1022 - McAfee, LLC)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-12-12] ()
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3011.1.0_x64__kgqvnymyfvs32 [2025-04-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.3000.0_x64__rz1tebttyb220 [2025-03-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2024-12-31] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-05] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-27] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-26] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-29] ()

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\nvshext.dll [2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2023-11-12 20:56 - 000001633 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 get-seeders.com
127.0.0.1 tracker.cgpeers.to
127.0.0.1 proxy.siambit.me
127.0.0.1 tracker.iptorrent.com
127.0.0.1 zb-ann.com
127.0.0.1 www.eset.com
127.0.0.1 iploc.eset.com
127.0.0.1 repository.eset.com
127.0.0.1 www.avast.com
127.0.0.1 www.malwarebytes.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.edf.eset.com
127.0.0.1 www.update.eset.com
127.0.0.1 www.kaspersky.co.th
127.0.0.1 www.kaspersky.com.br
127.0.0.1 usa.kaspersky.com
127.0.0.1 ark.mwbsys.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 iavs9x.avg.u.avcdn.net
127.0.0.1 shepherd.ff.avast.com
127.0.0.1 iavs9x.u.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 www.avg.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.avira.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi 2: Qualcomm Atheros 11G USB Wireless Network Adapter -> athuwbx.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C447807-E6DE-4380-B43C-A3A9E3A1726C}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{49151329-B8F7-434B-85B1-F8AEA937E7DD}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{750646EF-A8BC-4465-BB8D-DF2AFBFE95FA}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{B6980FE1-78D0-402B-BB96-E57B3DBE2F6A}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7956B952-3647-434E-8890-BC82644C2401}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CDE04448-1F89-40E0-BDFE-9ED00B5E930B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E91A13F7-2221-44A1-BE72-55DAD6F6FD0B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEFBB698-D78B-4EAD-8B4B-EECCE4138A28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1016C69-7560-41A5-8AC6-76D7816AC948}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0257DE4B-7CE9-4C7C-AB95-60FBDB8BABB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B08EAC9-03CC-43AC-A3F4-58341A1CB7DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AAC02CA-E53E-40B7-9BE3-9C9E7A0A5088}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.98\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60173047-D48D-4FA6-9866-136AAA29C233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C86E6DE4-B2B5-4F87-8B35-3EDE19C1DD9C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B3CF8EA-EBA8-4D3F-82EB-6569649941D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{278E5BF7-B6BE-48DD-9EF2-6413FCFEE6BD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{35F69948-16BC-42A8-8BED-3F5C6B639C86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-04-2025 09:03:48 Instalační služba modulů systému Windows
23-04-2025 19:38:42 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/02/2025 07:40:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/02/2025 07:40:42 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (05/02/2025 07:40:42 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (05/02/2025 07:40:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/02/2025 07:40:32 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (05/02/2025 07:40:32 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (05/02/2025 07:40:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=5

Error: (05/02/2025 12:11:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (05/01/2025 08:16:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7ROS5EQ)
Description: Server {7E203817-236D-4E25-B5C9-EC22048B2B6D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ASUS Com Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ICEsound Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2025-04-25 13:17:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-19 19:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-17 15:24:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-15 08:57:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-12 16:34:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2024-11-12 16:38:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2024-11-12 16:38:18
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2023-11-25 18:48:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-11-05 12:33:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3602 03/26/2018
Motherboard: ASUSTeK COMPUTER INC. H81M-C
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 8127.95 MB
Available physical RAM: 3980 MB
Total Virtual: 9407.95 MB
Available Virtual: 4594.32 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:360.27 GB) (Free:288.32 GB) (Model: ST2000DX001-1CM164) NTFS
Drive d: (Data) (Fixed) (Total:1501.69 GB) (Free:414.36 GB) (Model: ST2000DX001-1CM164) NTFS

\\?\Volume{50fb8be9-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{50fb8be9-0000-0000-0000-d0335a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 50FB8BE9)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=360.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1501.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

Posted: 02 May 2025 20:03
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\Program Files (x86)\IObit
C:\DumpStack.log.tmp
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File

EmptyTemp:
Hosts:
End
Save it to C:\Users\Jaroslav Reichel\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

Posted: 04 May 2025 13:56
by djkarer1994
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-05-2025
Ran by Jaroslav Reichel (04-05-2025 14:46:15) Run:1
Running from C:\Users\Jaroslav Reichel\Downloads
Loaded Profiles: Jaroslav Reichel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\Program Files (x86)\IObit
C:\DumpStack.log.tmp
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RKWETEJG4L" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC56957F-56E9-45EB-ABE6-1253BF559853}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC56957F-56E9-45EB-ABE6-1253BF559853}" => removed successfully
C:\WINDOWS\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

"C:\Program Files (x86)\IObit" Folder move:

C:\Program Files (x86)\IObit => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{ee10d625-cc60-30a4-b3df-4b349785be6b} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 918775160 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 452183198 B
Edge => 0 B
Chrome => 108511003 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 198 B
LocalService => 1709650 B
NetworkService => 12260894 B
Jaroslav Reichel => 76697791 B

RecycleBin => 198870836 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-05-2025 14:53:40)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 14:53:40 ====

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

Posted: 04 May 2025 17:20
by Rudy
Deleted. Has anything changed for the better?