Po restartu NTB vždy se vždy smaže komplet nastavení prohlížeče
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-06-2025
Ran by Ctibor (administrator) on DESKTOP-6V5B74G (Dell Inc. Inspiron 5570) (22-06-2025 20:04:41)
Running from C:\Users\Ctibor\Desktop\FRST64.exe
Loaded Profiles: Ctibor
Platform: Microsoft Windows 11 Home Version 24H2 26100.4351 (X64) Language: Čeština (Česko)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.Update.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\ProgramData\windows-systempro\WPK.exe ->) () [File not signed] C:\ProgramData\windows-systempro\WPK64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxEM.exe
(explorer.exe ->) () [File not signed] C:\ProgramData\windows-systempro\WPK.exe
(explorer.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sidebar.exe
(explorer.exe ->) (Nenad Hrg -> Nenad Hrg SoftwareOK) C:\Users\Ctibor\AppData\Roaming\DesktopOK\DesktopOK_x64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(services.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Technologies Inc. -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c34fd594e40bf436\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_9c788f1d162b1224\RstMwService.exe
(services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RTUWPSrvcMain.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files\WiFi6\WifiAutoInstall\WifiAutoInstallSrv.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25042.38.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-01-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1236688 2020-12-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [779000 2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [iSafe] => C:\ProgramData\windows-systempro\WPK.exe [6162944 2014-12-13] () [File not signed]
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer\Run: [LoginDat] => C:\ProgramData\windows-systempro\Microsoft2021.bat [301 2022-09-16] () [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [MicrosoftEdgeAutoLaunch_722402FE564A17466FA1FB51F8563678] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141624 2025-06-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-27] (Gen Digital Inc. -> Piriform Software Ltd) [File not signed]
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [5858144 2025-04-11] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [DesktopOK] => C:\Users\Ctibor\AppData\Roaming\DesktopOK\DesktopOK_x64.exe [1135880 2024-10-23] (Nenad Hrg -> Nenad Hrg SoftwareOK)
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [EPSON Stylus DX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBVE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Policies\Explorer: [DisallowRun] 0
HKLM\...\Windows x64\Print Processors\sxj2mPC: C:\Windows\System32\spool\prtprocs\x64\sxj2mpc.dll [53136 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2024-12-05] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON Stylus DX5000 Series 64MonitorBE: C:\Windows\system32\E_ILMBVE.DLL [108032 2007-12-07] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\sxj2m Langmon: C:\Windows\system32\sxj2mlm.dll [43920 2022-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\137.1.79.126\Installer\chrmstp.exe [2025-06-18] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Ctibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar259.lnk [2024-10-23]
ShortcutTarget: Sidebar259.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {021600F6-39FF-4C68-9576-C8DE75E971DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {297A00A2-D731-416D-A0CC-603DC38A5B59} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5543264 2025-04-11] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task
Task: {88A22745-2CBD-4095-869A-BFA8B4C43A0F} - System32\Tasks\ASC_SkipUac_Ctibor => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11147616 2025-04-11] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac
Task: {F77EA4F8-82E2-4A45-93B0-248FDC93DA70} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8839472 2025-05-20] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {13237922-A708-4F5C-93B2-A60ECEE3CC97} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5372152 2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EC80A4DA-9A6E-4F20-A19C-2714747159A7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2024-11-19] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {23081700-7EE0-4FCB-9195-A22569A38A44} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{84867FDD-FCDB-4B7F-8107-4DBD4AF164CC} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-10-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5A561CDB-80F9-4FAE-BCEB-A60E2D12A025} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{782E5D79-C369-4AF0-BCA2-29E29BB3576C} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-10-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3A04B2B3-DF6F-40E7-B7A6-DC5848C86398} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {4E12B08D-CD2B-4C9A-A9EA-E2F873F9DB13} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "217d6452-5167-45cb-94e0-b071ad80e3b4" --version "6.31.11415" --silent
Task: {618E2109-4386-48EA-94B5-552CD82D9732} - System32\Tasks\CCleanerSkipUAC - Ctibor => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {95282D62-87E2-4FA2-90AF-350D02C233A3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => c:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [1256104 2025-04-04] (Dell Technologies Inc. -> Dell Inc.) -> c:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {CD0F1236-D5F4-474C-BD84-1FCC9C63D12E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [30992 2025-03-24] (Garmin International, Inc. -> )
Task: {0A51B696-692C-4611-BA9C-2CA3D10883E2} - System32\Tasks\IObit ANNI2025Sale (One-time) => C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\annien.exe [2770008 2025-06-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\\/rpop
Task: {60FC1CC9-9071-4B61-9A77-F407BA89D4C0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2401792 2025-04-19] () [File not signed]
Task: {19042501-4267-49A7-A0E8-E586B18DAEB7} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [10454400 2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB073D69-AD22-4BC4-AE46-09EB0C7BA1EB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28583344 2025-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4A8A7D1-D417-42F4-95DD-C3DBE0F95379} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28583344 2025-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE443B29-EF03-4BEA-BC53-BEC0FE3345DD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223096 2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {94081C98-EC5E-4E95-BED8-50D7BAF6453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223096 2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EDC88E8-483F-4062-A249-0532C02CBA58} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223096 2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3B5CC6A-FC51-42BB-9531-218A51CEB2B7} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [223096 2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE0A2CFE-911D-45DD-B0D7-040FE4459250} - System32\Tasks\Microsoft\Windows\Hotpatch\Monitoring => C:\Windows\system32\cmd.exe [376832 2025-06-11] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\hpatchmonTask.cmd
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7DC8B6E0-61EC-44CC-BC24-5B664CD8C4B4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-715329362-3617590162-3774514967-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695872 2025-06-09] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {B054C724-63DF-4613-BC79-63469184292F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-06-09] (Mozilla Corporation -> Mozilla Foundation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.0 account.zoner.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\..\Interfaces\{22d810aa-a38f-49ed-b074-8e5749a5c541}: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\..\Interfaces\{22d810aa-a38f-49ed-b074-8e5749a5c541}: [DhcpDomain] www.tendawifi.com
Tcpip\..\Interfaces\{96cd14ff-1467-43d1-bb3a-f17de1b87267}: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\..\Interfaces\{96cd14ff-1467-43d1-bb3a-f17de1b87267}: [DhcpDomain] www.tendawifi.com
Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-715329362-3617590162-3774514967-1001 -> hxxps://www.ya.ru/?win=690&clid=9183479-678
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
FireFox:
========
FF DefaultProfile: 449va12t.default
FF ProfilePath: C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\449va12t.default [2025-06-22]
FF ProfilePath: C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release [2025-06-22]
FF Homepage: Mozilla\Firefox\Profiles\ufjr6i2g.default-release -> hxxps://www.seznam.cz/
FF Extension: (Google Translator for Firefox) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\translator@zoli.bod.xpi [2025-06-22]
FF Extension: (Live Stream Downloader) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{2ea2bfef-af69-4427-909c-34e1f3f5a418}.xpi [2025-06-22]
FF Extension: (Video DownloadHelper) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-06-22]
FF Extension: (600% Hlasitost zvuku) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{c4b582ec-4343-438c-bda2-2f691c16c262}.xpi [2025-06-22]
FF Extension: (No Name) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-06-22]
FF Extension: (Hlídač Shopů) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{d6f0f975-91a3-4d78-96f7-5f1859ad18b6}.xpi [2025-06-22]
FF Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{ea692a27-4873-406e-bbc6-010c2dd9e9b5}.xpi [2025-06-22]
FF Extension: (YouTube Video and Audio Downloader (Dev Edt.)) - C:\Users\Ctibor\AppData\Roaming\Mozilla\Firefox\Profiles\ufjr6i2g.default-release\Extensions\{f73df109-8fb4-453e-8373-f59e61ca4da3}.xpi [2025-06-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.451.0 -> C:\Program Files\Java\jre1.8.0_451\bin\dtplugin\npDeployJava1.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.451.0 -> C:\Program Files\Java\jre1.8.0_451\bin\plugin2\npjp2.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ibknafobnmndicojahlppolcaaibngjf]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2025-06-22]
BRA HomePage: Default -> hxxps://www.seznam.cz/
BRA Extension: (Překladač Google) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2024-10-22]
BRA Extension: (Tipli: Cashback odměny a slevové kupóny) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2025-06-11]
BRA Extension: (Video Downloader PLUS) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\njgehaondchbmjmajphnhlojfnbfokng [2025-03-19]
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 1 [2025-06-22]
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 2 [2025-06-22]
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 3 [2025-06-22]
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 4 [2025-06-22]
BRA Profile: C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\Profile 5 [2025-06-22]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2025-06-19]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2025-06-20]
BRA Extension: (Brave NTP background images) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2025-04-19]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2025-06-22]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2025-06-22]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2025-05-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2025-06-22]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2025-05-14]
BRA Extension: (Brave Ads Resources) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2025-03-25]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2025-06-22]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2025-06-22]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2025-03-25]
BRA Extension: (Brave Ad Block Updater (EasyList Czech and Slovak (plaintext))) - C:\Users\Ctibor\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2025-06-04]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7378736 2025-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [1032440 2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2569464 2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1085176 2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2024-10-23] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-10-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\137.1.79.126\elevation_service.exe [3195472 2025-06-18] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-10-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13046648 2025-06-16] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [459456 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [153792 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481984 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22240 2024-09-26] (Dell Technologies Inc. -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [51648 2024-11-14] (Dell Technologies Inc. -> )
R2 DellTechHub; c:\Program Files\Dell\TechHub\Dell.TechHub.exe [153288 2025-02-20] (Dell Technologies Inc. -> Dell)
S3 hpatchmon; C:\Windows\system32\hpatchmon.dll [173472 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S4 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123304 2025-04-28] (The Document Foundation -> The Document Foundation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9577376 2025-06-21] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-27] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 QcomWlanSrv; C:\Windows\System32\drivers\QcomWlanSrvx64.exe [189800 2023-04-28] (Qualcomm Atheros, Inc. -> )
R2 RTUsbSwSrvc; C:\Windows\RTUWPSrvcMain.exe [947064 2023-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SupportAssistAgent; c:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [148648 2025-04-04] (Dell Technologies Inc. -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\WiFi6\WifiAutoInstall\WifiAutoInstallSrv.exe [139672 2023-06-14] (Realtek Semiconductor Corp. -> Realtek)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [21088 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [244320 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [390744 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [297568 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [85088 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [28280 2024-11-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [29792 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [281184 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [570976 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92256 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72288 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [881760 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [1272896 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswStm; C:\Windows\System32\drivers\aswStm.sys [202312 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [392264 2025-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [110592 2024-11-12] (Microsoft Corporation) [File not signed]
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R3 dcdbas; C:\Windows\System32\drivers\dcdbas64.sys [50824 2019-11-14] (Dell Inc. -> Dell Inc.)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [35896 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-10-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2024-07-02] (IObit CO., LTD -> IObit)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\Drivers\farflt11.sys [241872 2025-06-22] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\Drivers\mbam.sys [80960 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [242752 2025-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [190136 2025-06-22] (Malwarebytes Inc -> Malwarebytes)
S3 PlutonHeci; C:\Windows\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_f74945e2fcb1d3d7\pluton-heci.sys [75168 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 rtwlanu6; C:\Windows\System32\drivers\rtwlanu6.sys [7521240 2023-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [14224 2021-06-07] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ThermalFilter; C:\Windows\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 IUFileFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error Reading file: "C:\ProgramData\Desktop\Zoner Photo Studio X.lnk"
Error Reading file: "C:\ProgramData\Desktop\WinRAR.lnk"
Error Reading file: "C:\ProgramData\Desktop\VCap Downloader.lnk"
Error Reading file: "C:\ProgramData\Desktop\Social Video Downloader.lnk"
Error Reading file: "C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk"
Error Reading file: "C:\ProgramData\Desktop\Rar Password Recover.lnk"
Error Reading file: "C:\ProgramData\Desktop\Photo Studio 12.lnk"
Error Reading file: "C:\ProgramData\Desktop\Photo Maximizer 12.lnk"
Error Reading file: "C:\ProgramData\Desktop\Photo Focus 12.lnk"
Error Reading file: "C:\ProgramData\Desktop\OfficeSuite Slides.lnk"
Error Reading file: "C:\ProgramData\Desktop\OfficeSuite Sheets.lnk"
Error Reading file: "C:\ProgramData\Desktop\OfficeSuite PDF.lnk"
Error Reading file: "C:\ProgramData\Desktop\OfficeSuite Documents.lnk"
Error Reading file: "C:\ProgramData\Desktop\Microsoft Edge.lnk"
Error Reading file: "C:\ProgramData\Desktop\Malwarebytes.lnk"
Error Reading file: "C:\ProgramData\Desktop\LibreOffice 25.2.lnk"
Error Reading file: "C:\ProgramData\Desktop\Garmin Express.lnk"
Error Reading file: "C:\ProgramData\Desktop\Firefox.lnk"
Error Reading file: "C:\ProgramData\Desktop\EPSON Scan.lnk"
Error Reading file: "C:\ProgramData\Desktop\Easy Media Player.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
Error Reading file: "C:\ProgramData\Desktop\CCleaner.lnk"
Error Reading file: "C:\ProgramData\Desktop\Brave.lnk"
Error Reading file: "C:\ProgramData\Desktop\Avast Free Antivirus.lnk"
Error Reading file: "C:\ProgramData\Desktop\Advanced SystemCare.lnk"
Error Reading file: "C:\ProgramData\Desktop\Adobe Acrobat.lnk"
Error Reading file: "C:\ProgramData\Desktop\ABBYY FineReader PDF.lnk"
Error Reading file: "C:\ProgramData\Desktop\4K YouTube to MP3.lnk"
Error Reading file: "C:\ProgramData\Desktop\4K Video Downloader+.lnk"
2025-06-22 20:04 - 2025-06-22 20:05 - 000039339 _____ C:\Users\Ctibor\Desktop\FRST.txt
2025-06-22 20:04 - 2025-06-22 20:05 - 000000000 ____D C:\FRST
2025-06-22 20:02 - 2025-06-22 20:02 - 002406912 _____ (Farbar) C:\Users\Ctibor\Desktop\FRST64.exe
2025-06-22 13:21 - 2025-06-22 19:59 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-06-22 13:21 - 2025-06-22 19:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-06-22 13:21 - 2025-06-22 13:21 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk
2025-06-22 13:21 - 2025-06-22 13:21 - 000001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-06-22 13:21 - 2025-06-22 13:21 - 000001069 _____ C:\Users\Public\Desktop\Firefox.lnk
2025-06-22 13:21 - 2025-06-22 13:21 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\Mozilla
2025-06-22 13:21 - 2025-06-22 13:21 - 000000000 ____D C:\Users\Ctibor\AppData\Local\Mozilla
2025-06-22 13:21 - 2025-06-22 13:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-06-22 13:21 - 2025-06-22 13:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-06-22 13:15 - 2025-06-22 13:15 - 000714490 _____ C:\Windows\system32\perfh005.dat
2025-06-22 13:15 - 2025-06-22 13:15 - 000153652 _____ C:\Windows\system32\perfc005.dat
2025-06-22 13:10 - 2025-06-22 13:10 - 000012288 ___SH C:\DumpStack.log.tmp
2025-06-22 12:47 - 2025-06-22 12:47 - 000000000 ____D C:\Users\Ctibor\AppData\LocalLow\IGDump
2025-06-22 12:33 - 2025-06-22 12:33 - 000241872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2025-06-22 12:32 - 2025-06-22 12:32 - 000190136 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2025-06-22 12:25 - 2025-06-22 13:10 - 003023586 ____N C:\Windows\Minidump\062225-9953-01.dmp
2025-06-22 11:38 - 2025-06-22 11:38 - 000020542 _____ C:\Users\Ctibor\Downloads\Mozilla-Recovery-Key_2025-06-22_ctibor.fisar@seznam.cz.pdf
2025-06-21 09:06 - 2025-06-21 09:06 - 000000090 _____ C:\logUploaderSettings_temp.ini
2025-06-21 09:06 - 2025-06-21 09:06 - 000000090 _____ C:\logUploaderSettings.ini
2025-06-21 09:06 - 2025-06-21 09:06 - 000000000 ____D C:\Windows\system32\%userprofile%
2025-06-21 09:05 - 2025-06-21 19:19 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-06-20 20:21 - 2025-06-20 20:21 - 137478144 _____ C:\Windows\system32\config\SOFTWARE.iobit
2025-06-20 20:21 - 2025-06-20 20:21 - 000966656 _____ C:\Windows\system32\config\DEFAULT.iobit
2025-06-20 20:21 - 2025-06-20 20:21 - 000094208 _____ C:\Windows\system32\config\SAM.iobit
2025-06-20 20:21 - 2025-06-20 20:21 - 000053248 _____ C:\Windows\system32\config\SECURITY.iobit
2025-06-20 20:10 - 2025-06-21 09:06 - 000000000 ___RD C:\Users\Default\OneDrive
2025-06-20 20:09 - 2025-06-20 20:09 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk
2025-06-20 19:47 - 2025-06-20 20:35 - 000003542 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-06-20 19:46 - 2025-06-20 19:46 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2025-06-20 19:46 - 2025-06-20 19:46 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-06-20 19:46 - 2025-06-20 19:46 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-06-20 19:45 - 2025-06-20 21:06 - 000000000 ____D C:\Users\Ctibor\AppData\Local\Adobe
2025-06-20 19:45 - 2025-06-20 19:46 - 000000000 ____D C:\Users\Ctibor\AppData\LocalLow\Adobe
2025-06-20 19:45 - 2025-06-20 19:45 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\com.adobe.dunamis
2025-06-20 19:45 - 2025-06-20 19:45 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\Adobe
2025-06-20 19:40 - 2025-06-20 21:06 - 000000000 ____D C:\ProgramData\Adobe
2025-06-20 19:40 - 2025-06-20 19:40 - 000000000 ____D C:\Program Files\Adobe
2025-06-20 19:15 - 2025-06-20 19:15 - 000000000 ____D C:\Users\Ctibor\AppData\Local\SolidDocuments
2025-06-20 19:15 - 2025-06-20 19:15 - 000000000 ____D C:\Users\Ctibor\.ms-ad
2025-06-20 19:01 - 2025-06-20 19:41 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-06-20 18:50 - 2025-06-20 18:50 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\Microsoft\AddIns
2025-06-20 18:47 - 2025-06-22 20:04 - 000000000 __SHD C:\Users\Public\L001
2025-06-20 18:47 - 2025-06-22 19:54 - 000001248 _____ C:\ProgramData\ixsaflog.dat
2025-06-20 18:47 - 2025-06-20 18:47 - 000000000 ___HD C:\ProgramData\windows-systempro
2025-06-20 18:35 - 2025-06-20 18:35 - 000002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite PDF.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000002038 _____ C:\Users\Public\Desktop\OfficeSuite PDF.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiSystems Update.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Mail.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Documents.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001150 _____ C:\Users\Public\Desktop\OfficeSuite Documents.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Slides.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Sheets.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001133 _____ C:\Users\Public\Desktop\OfficeSuite Slides.lnk
2025-06-20 18:35 - 2025-06-20 18:35 - 000001133 _____ C:\Users\Public\Desktop\OfficeSuite Sheets.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2025-06-20 17:44 - 2025-06-20 17:44 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2025-06-20 17:42 - 2025-06-20 20:09 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-06-20 17:42 - 2025-06-20 17:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2025-06-20 16:08 - 2025-06-20 16:08 - 000066509 _____ C:\Users\Ctibor\Documents\img027.pdf
2025-06-20 15:50 - 2025-06-20 15:50 - 000748316 _____ C:\Users\Ctibor\Downloads\398519-859182400702744573.pdf
2025-06-20 15:50 - 2025-06-20 15:50 - 000064011 _____ C:\Users\Ctibor\Downloads\potvrzeni-smlouvy-398519-859182400702744573.pdf
2025-06-20 15:04 - 2025-06-20 15:04 - 000519058 _____ C:\Users\Ctibor\Downloads\CITYDONNA s.r.o. - 20254033.pdf
2025-06-20 15:04 - 2025-06-20 15:04 - 000517983 _____ C:\Users\Ctibor\Downloads\CITYDONNA s.r.o. - 20253616.pdf
2025-06-17 17:01 - 2025-06-17 17:01 - 000441296 _____ C:\Users\Ctibor\Downloads\Nothing Phone (3a) Pro User Guide - cs-CZ.pdf
2025-06-17 15:56 - 2025-06-17 15:56 - 000131007 _____ C:\Users\Ctibor\Downloads\KalZalohPruvDopisPrint_Fonergy 2026.pdf
2025-06-12 14:28 - 2025-06-12 14:28 - 000449941 _____ C:\Users\Ctibor\Downloads\stored_cenik-2025-cez-distribuce-a-s-elektrina-domacnost-fixovka-01-04-2025.pdf
2025-06-12 13:10 - 2025-06-12 13:10 - 000254813 _____ C:\Users\Ctibor\Downloads\Vyúčtování elektřiny od innogy za období 08.06.2024 - 06.06.2025 číslo 117002806672.pdf
2025-06-12 12:57 - 2025-06-12 12:57 - 004402334 _____ C:\Users\Ctibor\Downloads\pruvodce-sjednanim-smlouvy-online.pdf
2025-06-12 09:54 - 2025-06-12 09:54 - 000257382 _____ C:\Users\Ctibor\Downloads\Cenik.pdf
2025-06-11 09:53 - 2025-06-21 21:19 - 000000000 ____D C:\Windows\CbsTemp
2025-06-11 09:36 - 2025-06-11 09:36 - 000033224 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-06-11 09:36 - 2025-06-11 09:36 - 000033224 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-06-11 09:36 - 2025-06-11 09:36 - 000001555 _____ C:\Windows\system32\DeviceFeatureDDF.json
2025-06-11 09:04 - 2025-06-11 09:04 - 000008984 _____ C:\Users\Ctibor\Downloads\VP_202505_1133_1.92.PDF
2025-06-08 01:02 - 2025-06-08 01:02 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\VCapDL
2025-06-08 01:00 - 2025-06-08 01:00 - 000001110 _____ C:\Users\Public\Desktop\VCap Downloader.lnk
2025-06-08 01:00 - 2025-06-08 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCap Downloader
2025-06-08 00:59 - 2025-06-21 09:58 - 000000000 ____D C:\Users\Ctibor\AppData\Local\VCapDL
2025-06-06 17:23 - 2025-06-06 17:23 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\4kdownload.com
2025-06-06 09:27 - 2025-06-21 23:46 - 000002770 _____ C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)
2025-06-03 18:44 - 2025-06-03 18:44 - 000320248 _____ (Gen Digital Inc.) C:\Windows\system32\aswBoot.exe
2025-06-01 18:37 - 2025-06-01 18:37 - 006266585 _____ C:\Users\Ctibor\Downloads\Desktop Calendar 3.23.236.7188.rar
2025-06-01 18:16 - 2025-06-01 18:16 - 000045566 _____ C:\Users\Ctibor\Downloads\Facebook_Group_Insights_6-01-2025.xlsx
2025-05-29 09:29 - 2025-05-30 23:40 - 000000000 ____D C:\Users\Ctibor\Desktop\Máma
2025-05-29 09:18 - 2025-05-29 09:18 - 010199040 _____ C:\Windows\system32\config\DRIVERS.iobit
2025-05-23 01:04 - 2025-05-23 01:04 - 000485325 _____ C:\Users\Ctibor\Downloads\Sencor kolobezka.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-22 20:00 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-06-22 19:55 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-06-22 19:55 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-22 19:54 - 2024-10-23 16:36 - 000001224 _____ C:\ProgramData\pdinst.ini
2025-06-22 19:54 - 2024-10-23 00:58 - 000000000 ____D C:\Users\Ctibor\AppData\Local\D3DSCache
2025-06-22 19:54 - 2024-10-23 00:19 - 000000000 __SHD C:\Users\Ctibor\IntelGraphicsProfiles
2025-06-22 13:15 - 2024-05-27 09:07 - 001692324 _____ C:\Windows\system32\PerfStringBackup.INI
2025-06-22 13:15 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-06-22 13:11 - 2025-03-20 10:38 - 000000000 ____D C:\Windows\Minidump
2025-06-22 13:11 - 2024-05-27 09:02 - 000008322 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-06-22 13:11 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ServiceState
2025-06-22 13:10 - 2024-10-23 00:19 - 000000000 ____D C:\Intel
2025-06-22 13:10 - 2024-05-27 21:19 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-06-22 13:10 - 2024-05-27 21:18 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-06-22 13:09 - 2024-10-23 15:57 - 000000000 ____D C:\Program Files\CCleaner
2025-06-22 13:09 - 2019-04-16 21:07 - 000000000 ____D C:\Users\Ctibor\Documents\ccleaner
2025-06-22 13:07 - 2024-10-27 16:00 - 000000000 ____D C:\Users\Ctibor\AppData\Local\Malwarebytes
2025-06-22 13:07 - 2024-10-23 17:00 - 000000000 ____D C:\Users\Ctibor\AppData\Local\CrashDumps
2025-06-22 13:06 - 2024-10-23 15:57 - 000002254 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Ctibor
2025-06-21 23:46 - 2025-04-28 01:05 - 000002540 _____ C:\Windows\system32\Tasks\ASC_SkipUac_Ctibor
2025-06-21 23:46 - 2025-04-16 16:00 - 000003292 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2025-06-21 23:46 - 2024-10-23 19:19 - 000003024 _____ C:\Windows\system32\Tasks\klcp_update
2025-06-21 23:46 - 2024-10-23 16:42 - 000002648 _____ C:\Windows\system32\Tasks\ASC_PerformanceMonitor
2025-06-21 23:46 - 2024-10-23 00:55 - 000003508 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{782E5D79-C369-4AF0-BCA2-29E29BB3576C}
2025-06-21 23:46 - 2024-10-23 00:55 - 000003284 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{84867FDD-FCDB-4B7F-8107-4DBD4AF164CC}
2025-06-21 23:46 - 2024-05-27 21:20 - 000003644 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{712292AC-1268-4AA5-AEEA-25279DAED4A1}
2025-06-21 23:46 - 2024-05-27 21:20 - 000003418 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{0A24EBD0-ECFB-4B20-8C51-BD5B68620A2E}
2025-06-21 23:44 - 2024-10-23 18:26 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2025-06-21 23:10 - 2024-10-22 23:44 - 000000000 ____D C:\Users\Ctibor
2025-06-21 22:45 - 2024-10-23 18:24 - 000000000 ____D C:\ProgramData\Avast Software
2025-06-21 22:45 - 2024-04-01 09:21 - 000786432 _____ C:\Windows\system32\config\BBI
2025-06-21 19:19 - 2025-01-13 17:20 - 000632032 _____ C:\Windows\system32\FNTCACHE.DAT
2025-06-21 19:19 - 2024-10-22 23:44 - 000001527 _____ C:\Windows\system32\config\VSMIDK
2025-06-21 19:13 - 2024-10-23 00:07 - 000000000 ___RD C:\Users\Ctibor\OneDrive
2025-06-21 19:13 - 2024-10-23 00:03 - 000000000 ____D C:\Users\Ctibor\AppData\Local\Packages
2025-06-21 19:13 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-21 18:52 - 2024-10-23 16:42 - 000000000 ____D C:\ProgramData\ProductData3
2025-06-21 09:42 - 2024-05-27 08:58 - 000000000 ____D C:\ProgramData\Packages
2025-06-21 09:06 - 2024-05-27 21:20 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-21 09:06 - 2024-05-27 21:20 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-06-20 18:55 - 2025-05-18 00:40 - 000000000 ____D C:\Users\Ctibor\AppData\Local\MobiSystems
2025-06-20 18:35 - 2024-10-23 16:18 - 000000000 ____D C:\Program Files\MobiSystems
2025-06-20 18:34 - 2024-05-28 07:48 - 000000000 ____D C:\ProgramData\Package Cache
2025-06-20 17:42 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-06-20 17:25 - 2024-09-02 20:57 - 000000000 ____D C:\Users\Ctibor\Desktop\Milh
2025-06-20 17:25 - 2024-03-30 19:47 - 000000000 ____D C:\Users\Ctibor\Desktop\elektrika St
2025-06-20 16:29 - 2024-10-23 08:45 - 000000000 ____D C:\Users\Ctibor\AppData\Local\PlaceholderTileLogoFolder
2025-06-20 12:06 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-06-20 11:58 - 2024-10-23 16:36 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\IObit
2025-06-20 11:58 - 2024-10-23 16:36 - 000000000 ____D C:\ProgramData\IObit
2025-06-18 20:10 - 2024-10-23 00:56 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2025-06-18 20:10 - 2024-10-23 00:56 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk
2025-06-15 15:26 - 2024-11-27 14:02 - 000000000 ____D C:\Users\Ctibor\AppData\Roaming\Telegram Desktop
2025-06-13 13:37 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\LiveKernelReports
2025-06-11 22:01 - 2024-10-23 00:13 - 000000000 ____D C:\Windows\system32\MRT
2025-06-11 21:58 - 2024-10-23 00:12 - 216824056 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-06-11 10:08 - 2024-04-01 10:08 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ___SD C:\Windows\SysWOW64\F12
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ___SD C:\Windows\system32\F12
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Com
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\DDFs
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Com
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellComponents
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-06-11 10:08 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\BrowserCore
2025-06-11 10:03 - 2024-04-01 09:26 - 001384944 _____ C:\Windows\system32\vulkan-1.dll
2025-06-11 10:03 - 2024-04-01 09:26 - 001240024 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-06-11 09:35 - 2024-05-27 21:21 - 003383808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-06-03 18:46 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-05-29 09:35 - 2025-04-06 17:36 - 000000000 ____D C:\Users\Ctibor\Desktop\Nová složka
2025-05-29 09:34 - 2025-04-06 18:47 - 000000000 ____D C:\Users\Ctibor\Desktop\Kašpar
2025-05-24 08:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
==================== Files in the root of some directories ========
2025-06-20 18:47 - 2025-06-22 19:54 - 000001248 _____ () C:\ProgramData\ixsaflog.dat
2024-10-26 16:11 - 2024-02-29 12:06 - 001245696 _____ (NirSoft) C:\Program Files\WNetWatcher.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2025
Ran by Ctibor (22-06-2025 20:07:59)
Running from C:\Users\Ctibor\Desktop
Microsoft Windows 11 Home Version 24H2 26100.4351 (X64) (2024-10-22 22:02:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-715329362-3617590162-3774514967-500 - Administrator - Disabled)
Ctibor (S-1-5-21-715329362-3617590162-3774514967-1001 - Administrator - Enabled) => C:\Users\Ctibor
DefaultAccount (S-1-5-21-715329362-3617590162-3774514967-503 - Limited - Disabled)
Guest (S-1-5-21-715329362-3617590162-3774514967-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-715329362-3617590162-3774514967-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader+ (HKLM\...\{C4D1C2B3-E8E7-4222-9ABF-33120194BDAE}) (Version: 25.1.2.0198 - InterPromo GMBH) Hidden
4K Video Downloader+ (HKLM-x32\...\{e7affcdf-12b8-4b99-99fc-51b7778cebcd}) (Version: 25.0.2.185 - InterPromo GMBH)
4K YouTube to MP3 (HKLM\...\{EAA7A008-E658-4A8E-8F28-BD5D91BD06AE}) (Version: 5.7.3.0161 - Open Media LLC)
8GadgetPack (HKLM-x32\...\{A84C39EA-54FE-4CED-B464-97DA9201EB33}) (Version: 35.0.0 - 8GadgetPack.net)
ABBYY FineReader PDF (HKLM\...\{F16000FE-0003-6400-0000-074957833700}) (Version: 16.0.7300 - ABBYY Development, Inc.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 18.3.0 - IObit)
AIDA64 Engineer v7.00 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 7.00 - FinalWire Ltd.)
AIDA64 Extreme v7.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 7.00 - FinalWire Ltd.)
ANT Drivers Installer x64 (HKLM\...\{833EECDD-A14B-4E6C-8358-8F4E753F05C6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 25.5.10141.2799 - Gen Digital Inc.)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 137.1.79.126 - Autoři prohlížeče Brave)
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
DaVinci Resolve (HKLM\...\{D2BA5866-0754-4A50-B5D6-320A6D7CE7F8}) (Version: 19.0.30005 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{3739CA49-792F-4F1F-9B76-42DFBBBED27E}) (Version: 2.3.0.0 - Blackmagic Design)
Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{396C54DB-3C24-4AD5-B514-F9FCEC2B7637}) (Version: 4.8.2.29006 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{F5391400-4596-46A6-9D3C-9D7647230679}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2b5a1544-c837-4b31-acb8-cb096c96013f}) (Version: 5.5.13.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{D3EFD276-F67A-45CD-B8A3-7CE38B2FF434}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{c7ccf084-ab05-431c-8474-6b66df04f996}) (Version: 5.5.13.0 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{B724D287-C1C8-472E-B56B-41AEA619740F}) (Version: 5.4.0 - Dell Inc.)
DesktopOK (HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\DesktopOK) (Version: - hxxp://www.softwareok.com/)
Elevated Installer (HKLM-x32\...\{6B8AEF96-FBF9-4078-ACEB-157931FF35A7}) (Version: 7.25.0.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
Garmin Express (HKLM-x32\...\{204E0646-AAEA-41C9-A271-EDB44893AE80}) (Version: 7.25.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{72a52974-5fb0-4261-9986-cda4e6bba3de}) (Version: 7.25.0.0 - Garmin Ltd or its subsidiaries)
InPixio Photo Studio (HKLM\...\{A9464FA3-18A0-4E63-A4A2-A585F1CDB890}_is1) (Version: 12.0.8112.30215 - CyberMania)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{ACA5CFAC-9E99-4764-A7AD-AF5CF3FA15BF}) (Version: 17.0.2.1076 - Intel Corporation)
IrfanView 4.70 (64-bit) (HKLM\...\IrfanView64) (Version: 4.70 - Irfan Skiljan)
Java 8 Update 451 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180451F0}) (Version: 8.0.4510.10 - Oracle Corporation)
K-Lite Mega Codec Pack 18.9.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.9.6 - KLCP)
Kodi (HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Kodi) (Version: 21.2.0.0 - XBMC Foundation)
LibreOffice 25.2.3.2 (HKLM\...\{55CF6D12-B29A-4610-9E4A-1ACFE722B691}) (Version: 25.2.3.2 - The Document Foundation)
Malwarebytes version 5.3.2.195 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.2.195 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.13058.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Host - 6.0.30 (x64) (HKLM\...\{543852FC-D0E4-481B-B2B2-BEB271DED058}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.15 (x64) (HKLM\...\{4C903F19-B4C3-4D0C-8CC9-D444C511AF1C}) (Version: 64.60.31149 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.30 (x64) (HKLM\...\{E80165F8-5F40-42C5-82CE-BE934C750771}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.15 (x64) (HKLM\...\{11CCC9F6-77AA-4421-9EAC-BAEC36D96817}) (Version: 64.60.31149 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.30 (x64) (HKLM\...\{63F2E1E5-10EC-4F55-B92D-D65A7AA41A15}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.15 (x64) (HKLM\...\{8731E6E3-AF96-4515-ACEC-DBFB3DF55292}) (Version: 64.60.31149 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.93 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.93 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.18925.20076 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.18925.20076 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.18925.20076 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM\...\{D624CDFC-3CDA-47F7-9F84-A3CCB8D3396B}) (Version: 48.120.13587 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM-x32\...\{b2b66c6f-6c27-49d1-846a-6c27d322b9bb}) (Version: 6.0.30.33617 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.15 (x64) (HKLM\...\{0E4A7820-FDA4-4250-B7AC-E7A2F7B43B64}) (Version: 64.60.31203 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.15 (x64) (HKLM-x32\...\{5625bb48-295c-4113-bc92-d6a69b19b04c}) (Version: 8.0.15.34718 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 139.0.4 (x64 cs)) (Version: 139.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 139.0.4 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18925.20076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18925.20076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18925.20076 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4229.1002 - Microsoft Corporation) Hidden
OfficeSuite (HKLM\...\{D07C7A60-FA63-45E8-B786-FA48E1DB3903}) (Version: 9.0.7661.1 - MobiSystems) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10531 - Qualcomm)
rar password recover (HKLM-x32\...\{960AA765-C020-452F-ABC1-EB0F359C9CD0}) (Version: 2.1.2 - Recover Password)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9107.1 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 5.3.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.3.7 - VS Revo Group, Ltd.)
Social Video Downloader 6 (HKLM-x32\...\Social Video Downloader_is1) (Version: - Social Media Apps)
SupportAssist Recovery Assistant (HKLM\...\{818691EE-2FC0-43B2-AE6A-BBFCBBF43CE2}) (Version: 5.5.12.0 - Dell Inc.)
Telegram Desktop (HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.15.4 - Telegram FZ-LLC)
VCap Downloader verze 0.1.29.6515.full (HKLM-x32\...\{B7CE4900-9635-4d7c-818F-B630C9D03127}_is1) (Version: 0.1.29.6515.full - VCap-developer)
WiFi 6 USB Wireless Adapter (HKLM\...\{C8B8A9CE-A789-41BA-86F2-EF7728B97B8C}_is1) (Version: 0.0.0.7 - WiFi6)
WinRAR 7.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.11.0 - win.rar GmbH)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.02(06.06.2021) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox Phaser 3020 (HKLM-x32\...\Xerox Phaser 3020) (Version: V1.07 (25.03.2022) - Xerox Corporation)
XnView MP (x64) (HKLM\...\XnView MP (x64)_is1) (Version: 1.8.7.0 - Pierre-e Gougelet)
Zoner Photo Studio X version 19 (HKLM-x32\...\{14CB8114-0103-4E85-888A-D67E9B305A92}_is1) (Version: 19 - )
Packages:
=========
@{MicrosoftWindows.54792954.Filons_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.54792954.Filons/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-06-11] ()
@{MicrosoftWindows.56978801.Voiess_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.56978801.Voiess/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
@{MicrosoftWindows.57058570.Speion_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57058570.Speion/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
@{MicrosoftWindows.57074914.Livtop_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.57074914.Livtop/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.4061.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
@{MicrosoftWindows.Client.CoreAI_1000.26100.4343.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2025-06-20] ()
Akce kliknutím (náhled) -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-08] (INTEL CORP) [Startup Task]
Balíček prostředí funkcí systému Windows -> C:\Windows\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\Windows\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\Windows\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\Windows\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-20] (Microsoft Windows)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.8.1.0_x64__htrsf667h5kn2 [2025-04-16] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.4.19.0_x86__htrsf667h5kn2 [2024-12-08] (Dell Inc)
Dolby Digital Plus decoder for PC OEMs -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyDigitalPlusDecoderOEM_1.1.285.0_x64__rz1tebttyb220 [2024-10-23] (Dolby Laboratories)
JDR RAR Password Recovery -> C:\Program Files\WindowsApps\VartikaSoftwarePrivateLim.JDRRARPasswordRecovery_3.0.10.0_neutral__e05h43p6ee69w [2024-12-28] (VARTIKA SOFTWARE PRIVATE LIMITED)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.42.0_x64__w1wdnht996qgy [2025-06-20] (LinkedIn) [Startup Task]
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2025-06-21] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-10-24] (Microsoft Corp.)
Microsoft.Edge.GameAssist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-05-31] (Microsoft Corporation)
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.4.12.0_x64__sbe4t8mqwq93a [2025-05-06] (NG PDF Lab) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2025-04-05] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Ctibor\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Ctibor\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{2fd1b642-ca5d-4583-bccf-12ef694a9d59}\localserver32 -> C:\Program Files\MobiSystems\OfficeSuite\MobiSystemsUpdate.exe (MobiSystems, Inc. -> MobiSystems Inc.)
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{9B1F8A90-DF55-4BB6-B78F-77F8C4632B37}\localserver32 -> C:\Program Files\ABBYY FineReader 16\FineUpdate.exe (ABBYY Development, Inc. -> ABBYY Development, Inc.)
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{A95A6166-52C9-DF84-DA13-59F352A94236}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{D67F690B-A20E-BDD2-D9EC-C2FBC353BFA1}\InprocServer32 -> C:\Program Files\Common Files\System\ole32.dll => No File
CustomCLSID: HKU\S-1-5-21-715329362-3617590162-3774514967-1001_Classes\CLSID\{F03AD58D-F0C9-4EF0-A996-EA65627E918C} -> [OnePlus 11 5G] => C:\Users\Ctibor\CrossDevice\OnePlus 11 5G [2025-01-13 15:37]
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [FineReader16ContextMenu] -> {DCACA03D-01CA-410C-8F35-FBEB05CA8BF0} => C:\Program Files\ABBYY FineReader 16\FRIntegration.dll [2023-07-30] (ABBYY Development, Inc. -> ABBYY Development, Inc.)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files\XnViewMP\XnViewShellExt64.dll [2025-03-22] (Pierre GOUGELET -> )
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-06-21] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-01-03] () [File not signed]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-06-03] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [FineReader16ContextMenu] -> {DCACA03D-01CA-410C-8F35-FBEB05CA8BF0} => C:\Program Files\ABBYY FineReader 16\FRIntegration.dll [2023-07-30] (ABBYY Development, Inc. -> ABBYY Development, Inc.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-06-21] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2014-03-22 03:09 - 2014-03-22 03:09 - 000194048 _____ () [File not signed] C:\ProgramData\windows-systempro\curllib.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 000078336 _____ () [File not signed] C:\ProgramData\windows-systempro\IMME.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 000066048 _____ () [File not signed] C:\ProgramData\windows-systempro\IMME64.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 000110592 _____ () [File not signed] C:\ProgramData\windows-systempro\OpenLDAP.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 000198656 _____ (Carnegie Mellon University) [File not signed] C:\ProgramData\windows-systempro\libsasl.dll
2024-10-23 15:52 - 2022-06-27 12:21 - 000660992 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2019-01-03 18:16 - 2019-01-03 18:16 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 001016832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\windows-systempro\LIBEAY32.dll
2014-03-22 03:09 - 2014-03-22 03:09 - 000274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\windows-systempro\SSLEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.ya.ru/?win=690&clid=9183479-678
SearchScopes: HKU\S-1-5-21-715329362-3617590162-3774514967-1001 -> DefaultScope 1017d3e6-04f5-11f0-9bb3-54bf6406aff7 URL = hxxps://yandex.ru/search/?win=690&clid=9183481-678&text={searchTerms}
SearchScopes: HKU\S-1-5-21-715329362-3617590162-3774514967-1001 -> 1017d3e6-04f5-11f0-9bb3-54bf6406aff7 URL = hxxps://yandex.ru/search/?win=690&clid=9183481-678&text={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_451\bin\ssv.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_451\bin\jp2ssv.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-20] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-04-01 09:26 - 2025-06-20 19:47 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 account.zoner.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ctibor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Qualcomm QCA9377 802.11ac Wireless Adapter -> Qcamain10x64.sys
Ethernet: Realtek PCIe FE Family Controller -> rt640x64.sys
Wi-Fi 2: Realtek 8832AU Wireless LAN WiFi 6 USB NIC -> rtwlanu6.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "VCVS06EN"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "kpm_tray.exe"
HKLM\...\StartupApproved\Run32: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "Phantom_Sl"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\Run: => "EPSDNMON"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_722402FE564A17466FA1FB51F8563678"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{486A38D6-CD14-4362-8CE4-A708CFA4525D}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [UDP Query User{28ED948C-297F-41B1-A49D-A6305224CBE1}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Allow) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{732BC240-024A-4647-9E36-E229AF7577AF}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{6C5E52C6-8392-4A1C-B564-E1449ECFF4CB}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3B93CBC9-9E8C-479E-9795-210247C945F7}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2595E9C3-70C1-4E6A-9A0B-19C64036F496}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0399AE7D-EA20-43F6-A3D4-C56819330AA3}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FAC28A5E-C382-4F1E-9D17-C492087F573C}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FCA27904-087C-48A3-841F-824EAFB785C0}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EC05619C-9F8D-4EFF-9B78-90B25B374983}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{75F74648-5DB2-4403-99B9-7F4ED296E87A}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C0E0F0ED-6DD5-45F8-B0BB-19006896DECC}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A4883D56-9B91-47BB-BC2D-DB14A7B69121}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8196E7AD-8BE3-4214-BB77-E831CBE5E199}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{370D76CA-930B-4832-84E6-3E2CE66B1716}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2BA01CE0-3FAD-4E8E-9AF8-5E98C8501718}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6830182E-5EFF-4CDF-A112-8A844986CC35}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BF2A636C-09A2-4B8C-BE06-9A08F8B1F723}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C5EC5DFB-1CBE-48D3-B12E-EB8EA5EEDB04}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2D919621-4BCF-487F-AE57-9532475759E7}] => (Allow) C:\Windows\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{86FA9833-ADE7-4E9B-8DC6-78414A2523D1}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{2FB39580-508D-4E92-A7BF-550DCDEF6A76}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F7A6CE8-F301-433C-B923-217C675E1743}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4AE64EF-A508-4CAC-B724-8D7FB68D0F15}] => (Allow) C:\Program Files\MobiSystems\OfficeSuite\OfficeSuite.Collaboration.exe (MobiSystems, Inc. -> MobiSystems Inc.)
FirewallRules: [{4B156209-3273-4387-97A3-68F74E5B03B9}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{00EF9161-6C06-4D2E-8EF1-D6C56075059D}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{5A0C15B1-419C-4604-BD5B-9D81F04005BB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{5E4FA3DC-6EBB-4591-B1E2-BABEDA5862EF}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{8E33859D-B91E-4246-B93A-78A05D330B45}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{168A7D48-8D1C-4057-B981-08D8954DA4FD}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{291C1ECF-1F16-492D-B0AE-E140D81562BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{86D13368-2101-4E81-9D80-A443C36F2A5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{687FE375-D53F-4DB0-BA16-76266D646C8C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB9EAAEB-DB7C-471C-AC85-D32E6B11429C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B047CC8D-4F3E-4DBF-ABAF-80F959E992CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{35A8FB5A-B0A6-4DE8-AF5D-C4AB6F69F1E1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Restore Points =========================
20-06-2025 18:32:46 Revo Uninstaller Pro's restore point - OfficeSuite
20-06-2025 18:35:14 Installed OfficeSuite
20-06-2025 18:46:57 Installed system windows .....
20-06-2025 19:23:15 Revo Uninstaller Pro's restore point - Adobe Acrobat (64-bit)
21-06-2025 19:11:02 Revo Uninstaller Pro's restore point - Mozilla Firefox (x64 cs)
21-06-2025 19:12:07 Revo Uninstaller Pro's restore point - Mozilla Firefox (x64 cs)
21-06-2025 19:13:27 Revo Uninstaller Pro's restore point - Microsoft OneDrive
22-06-2025 12:46:44 Revo Uninstaller Pro's restore point - Mozilla Firefox (x64 cs)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/22/2025 12:46:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {7ae9fc40-6429-4af4-959b-601454e1a3e2}
Error: (06/21/2025 08:28:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a2bd1b49-2557-4813-8ab2-694539148fca}
Error: (06/21/2025 08:26:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a2bd1b49-2557-4813-8ab2-694539148fca}
Error: (06/21/2025 07:20:21 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: Registrace certifikátu SCEP pro WORKGROUP\DESKTOP-6V5B74G$ přes https://INTC-KeyId-6ca9df62a1aae23e0feb ... s/Aik/scep se nepovedla:
SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Date: Sat, 21 Jun 2025 17:20:17 GMT
Content-Length: 5903
Content-Type: application/x-x509-ca-ra-cert
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 4803ff43-fd79-4d1a-8661-1ff0ac216a19
Metoda: POST(9297ms)
Fáze: SubmitDone
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (06/21/2025 07:19:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (6624,R,98,0) WebCacheLocal: Při otevírání souboru protokolu C:\Users\Ctibor\AppData\Local\Microsoft\Windows\WebCache\V0100007.log došlo k chybě -1811 (0xfffff8ed).
Error: (06/21/2025 07:11:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a96a2f41-f6c8-44f4-8afe-593e7e8757d7}
Error: (06/20/2025 09:18:45 PM) (Source: Firefox Notification Server) (EventID: 0) (User: )
Description: Event-ID 0
Error: (06/20/2025 09:02:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a96a2f41-f6c8-44f4-8afe-593e7e8757d7}
System errors:
=============
Error: (06/22/2025 01:11:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Intel(R) TPM Provisioning Service bylo dosaženo časového limitu (45000 ms).
Error: (06/22/2025 01:10:46 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila při inicializaci publikačních prostředků chybu v kanálu Microsoft-Windows-USBVideo/Analytic. V případě analytického nebo ladicího typu kanálu to může znamenat, že došlo také k chybě při inicializaci přihlašovacích prostředků.
Error: (06/22/2025 01:10:44 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x000000ef (0xffff89090dc81080, 0x0000000000000000, 0xffff89091b4a2080, 0x0000000000000000)C:\Windows\Minidump\062225-9953-01.dmp5357b4cb-1be6-40cd-89ab-5f140f44b750
Error: (06/22/2025 01:10:36 PM) (Source: volmgr) (EventID: 162) (User: )
Description: Soubor se stavem systému byl úspěšně vygenerován.
Error: (06/22/2025 01:10:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (13:05:38, 22.06.2025) bylo neočekávané.
Error: (06/22/2025 01:07:40 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-6V5B74G)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (06/22/2025 12:25:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Intel(R) TPM Provisioning Service bylo dosaženo časového limitu (45000 ms).
Error: (06/22/2025 12:25:38 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila při inicializaci publikačních prostředků chybu v kanálu Microsoft-Windows-USBVideo/Analytic. V případě analytického nebo ladicího typu kanálu to může znamenat, že došlo také k chybě při inicializaci přihlašovacích prostředků.
Windows Defender:
================
Date: 2024-10-23 18:23:00
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Agent!pz
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: DESKTOP-6V5B74G\Ctibor
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.419.668.0, AS: 1.419.668.0, NIS: 1.419.668.0
Verze modulu: AM: 1.1.24080.9, NIS: 1.1.24080.9
Date: 2024-10-23 18:22:55
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Crack!MTB
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-6V5B74G\Ctibor
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.419.668.0, AS: 1.419.668.0, NIS: 1.419.668.0
Verze modulu: AM: 1.1.24080.9, NIS: 1.1.24080.9
Date: 2024-10-23 18:22:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Agent!pz
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-6V5B74G\Ctibor
Název procesu: C:\Program Files\WinRAR\WinRAR.exe
Verze bezpečnostních informací: AV: 1.419.668.0, AS: 1.419.668.0, NIS: 1.419.668.0
Verze modulu: AM: 1.1.24080.9, NIS: 1.1.24080.9
Date: 2024-10-23 16:49:33
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Patcher!MTB
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe
Verze bezpečnostních informací: AV: 1.419.668.0, AS: 1.419.668.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.24080.9, NIS: 0.0.0.0
Date: 2024-10-23 16:49:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Patcher!MTB
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.419.668.0, AS: 1.419.668.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.24080.9, NIS: 0.0.0.0
CodeIntegrity:
===============
Date: 2025-06-22 20:04:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-06-22 20:00:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.14.0 04/06/2023
Motherboard: Dell Inc. 0D65FD
Processor: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
Percentage of memory in use: 42%
Total physical RAM: 16281.29 MB
Available physical RAM: 9426.89 MB
Total Virtual: 17305.29 MB
Available Virtual: 10584.25 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:462.38 GB) (Free:253.83 GB) (Model: Lexar SSD NM620 512GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:179.42 GB) (Model: ST1000LM035-1RK172) NTFS
\\?\Volume{45622e2d-a71b-43dd-9251-bc924e7f9411}\ (WINRETOOLS) (Fixed) (Total:1.27 GB) (Free:0.17 GB) NTFS
\\?\Volume{c924d456-508b-4a18-8964-c62d8fbdaae1}\ (Image) (Fixed) (Total:11.41 GB) (Free:3.2 GB) NTFS
\\?\Volume{fc734c58-c404-4fd6-bb36-ab2cb3da72dd}\ (DELLSUPPORT) (Fixed) (Total:1.12 GB) (Free:0.03 GB) NTFS
\\?\Volume{3b39ea2b-1714-4197-a9a6-518fde9cdab0}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.54 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3D343657)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o pomoc s odvirováním
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [EPSON Stylus DX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBVE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0A51B696-692C-4611-BA9C-2CA3D10883E2} - System32\Tasks\IObit ANNI2025Sale (One-time) => C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\annien.exe [2770008 2025-06-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\\/rpop
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 IUFileFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
C:\DumpStack.log.tmp
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\Windows\system32\config\SECURITY.iobit
C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\Users\Ctibor\AppData\Roaming\IObit
C:\ProgramData\IObit
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe
Hosts:
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Po restartu po fix FF opět smazáno původní nastavení
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2025
Ran by Ctibor (22-06-2025 21:20:51) Run:1
Running from C:\Users\Ctibor\Desktop
Loaded Profiles: Ctibor
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [EPSON Stylus DX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBVE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0A51B696-692C-4611-BA9C-2CA3D10883E2} - System32\Tasks\IObit ANNI2025Sale (One-time) => C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\annien.exe [2770008 2025-06-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\\/rpop
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 IUFileFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
C:\DumpStack.log.tmp
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\Windows\system32\config\SECURITY.iobit
C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\Users\Ctibor\AppData\Roaming\IObit
C:\ProgramData\IObit
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-715329362-3617590162-3774514967-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus DX5000 Series" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A51B696-692C-4611-BA9C-2CA3D10883E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A51B696-692C-4611-BA9C-2CA3D10883E2}" => removed successfully
C:\Windows\System32\Tasks\IObit ANNI2025Sale (One-time) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObit ANNI2025Sale (One-time)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
AdvancedSystemCareService18 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService18 => removed successfully
AdvancedSystemCareService18 => service removed successfully
AscFileFilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
AscRegistryFilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
cpuz154 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
HKLM\System\CurrentControlSet\Services\IUFileFilter => removed successfully
IUFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\IUProcessFilter => removed successfully
IUProcessFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\IURegistryFilter => removed successfully
IURegistryFilter => service removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Windows\system32\config\SOFTWARE.iobit => moved successfully
C:\Windows\system32\config\DEFAULT.iobit => moved successfully
C:\Windows\system32\config\SAM.iobit => moved successfully
C:\Windows\system32\config\SECURITY.iobit => moved successfully
"C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)" => not found
Could not move "C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.
"C:\Users\Ctibor\AppData\Roaming\IObit" Folder move:
C:\Users\Ctibor\AppData\Roaming\IObit => moved successfully
"C:\ProgramData\IObit" Folder move:
C:\ProgramData\IObit => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
"C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13746230 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 3626046 B
Edge => 0 B
Chrome => 0 B
Brave => 417353230 B
Firefox => 25632875 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5740 B
NetworkService => 5740 B
Ctibor => 9577922 B
RecycleBin => 72566936 B
EmptyTemp: => 517.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-06-2025 21:22:10)
C:\DumpStack.log.tmp => Could not move
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move
==== End of Fixlog 21:22:10 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-06-2025
Ran by Ctibor (22-06-2025 21:20:51) Run:1
Running from C:\Users\Ctibor\Desktop
Loaded Profiles: Ctibor
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\...\Run: [EPSON Stylus DX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBVE.EXE [213504 2007-10-05] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0A51B696-692C-4611-BA9C-2CA3D10883E2} - System32\Tasks\IObit ANNI2025Sale (One-time) => C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\annien.exe [2770008 2025-06-06] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\\/rpop
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
R2 AdvancedSystemCareService18; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1851760 2024-08-13] (IObit CO., LTD -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2024-07-02] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [30296 2025-03-18] (Microsoft Windows Hardware Compatibility Publisher -> IObit)
R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 IUFileFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\F:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]
C:\DumpStack.log.tmp
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\Windows\system32\config\SECURITY.iobit
C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\Users\Ctibor\AppData\Roaming\IObit
C:\ProgramData\IObit
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2024-07-25] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => F:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322
C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-715329362-3617590162-3774514967-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus DX5000 Series" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKU\S-1-5-21-715329362-3617590162-3774514967-1001\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A51B696-692C-4611-BA9C-2CA3D10883E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A51B696-692C-4611-BA9C-2CA3D10883E2}" => removed successfully
C:\Windows\System32\Tasks\IObit ANNI2025Sale (One-time) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IObit ANNI2025Sale (One-time)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
AdvancedSystemCareService18 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AdvancedSystemCareService18 => removed successfully
AdvancedSystemCareService18 => service removed successfully
AscFileFilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AscFileFilter => removed successfully
AscFileFilter => service removed successfully
AscRegistryFilter => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\AscRegistryFilter => removed successfully
AscRegistryFilter => service removed successfully
cpuz154 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
HKLM\System\CurrentControlSet\Services\IUFileFilter => removed successfully
IUFileFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\IUProcessFilter => removed successfully
IUProcessFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\IURegistryFilter => removed successfully
IURegistryFilter => service removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Windows\system32\config\SOFTWARE.iobit => moved successfully
C:\Windows\system32\config\DEFAULT.iobit => moved successfully
C:\Windows\system32\config\SAM.iobit => moved successfully
C:\Windows\system32\config\SECURITY.iobit => moved successfully
"C:\Windows\system32\Tasks\IObit ANNI2025Sale (One-time)" => not found
Could not move "C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.
"C:\Users\Ctibor\AppData\Roaming\IObit" Folder move:
C:\Users\Ctibor\AppData\Roaming\IObit => moved successfully
"C:\ProgramData\IObit" Folder move:
C:\ProgramData\IObit => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Advanced SystemCare => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
"C:\Users\Ctibor\Desktop\IDM_6.4x_Crack_v19.7.exe" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa6868.33838.rartemp\IDM_6.4x_Crack_v19.7.exe" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe; process:_pid:8212,ProcessStart:133741685580743322" => not found
"C:\Users\Ctibor\AppData\Local\Temp\Rar$EXa12972.26544.rartemp\MADARA.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13746230 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 3626046 B
Edge => 0 B
Chrome => 0 B
Brave => 417353230 B
Firefox => 25632875 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5740 B
NetworkService => 5740 B
Ctibor => 9577922 B
RecycleBin => 72566936 B
EmptyTemp: => 517.4 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-06-2025 21:22:10)
C:\DumpStack.log.tmp => Could not move
C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move
==== End of Fixlog 21:22:10 ====
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Bohužel jak jsem psal tak po restartu po fixnutí i ted po dalším restatu opět ve Firefoxu všechna nastavení smazána a naskočí uvítací stránka - "Vítá vás Firefox
Pokračováním souhlasíte s Podmínkami používání Firefoxu a našimi Zásadami ochrany osobních údajů. Za účelem vylepšení prohlížeče Firefox odesílá diagnostické údaje a údaje o interakcích organizaci Mozilla."
Pokračováním souhlasíte s Podmínkami používání Firefoxu a našimi Zásadami ochrany osobních údajů. Za účelem vylepšení prohlížeče Firefox odesílá diagnostické údaje a údaje o interakcích organizaci Mozilla."
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Dělá to pouze FF, nebo i jiné prohlížeče? Pokud jen FF, zkontrolujte, zda nemáte v nastavení povoleno "vymazat cookies a data stránek" :pokud ano, zrušte zatržítko a restartujte FF.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Rudy, dělá mi to pouze FF, Brave je ok. Zatržítko u "vymazání cookies a dat" jsem zapnuté neměl, ani nemám. FF jsem i odinstaloval a smazal snad všechny možné zbytky, ale dělá mi to stále
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Ještě dodám, že to dělá pouze po zapnutí ntb, když jen vypnu a zapnu FF tak je vše ok
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
1. Zkuste obnovi výchozí nastavení FF: https://o-seznam.cz/napoveda/prohlizece ... nastaveni/ : Je to divné, ale takový virus jsme tu neměli. Pokud to nepomůže, pak
2. Spusťte tuto utilitu:
2. Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Právě to výchozí nastavení FF se vždy udělalo po každým restartu NTB a ani tímto postupem se nic nezměnilo, po nastavení jen domovský stránky a následného restartu ntb a po otevření FF se otevře bez jakéhokoliv nastavení
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2025
# Duration: 00:00:15
# OS: Windows 11 (Build 26100.4351)
# Scanned: 32097
# Detected: 41
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Ctibor\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Ctibor\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
***** [ Files ] *****
PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main|HomeButtonPage
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\1017d3e6-04f5-11f0-9bb3-54bf6406aff7
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.MediaGet HKCU\Software\Media Get LLC
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.DellDigitalDelivery Folder C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\Users\Ctibor\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95282D62-87E2-4FA2-90AF-350D02C233A3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95282D62-87E2-4FA2-90AF-350D02C233A3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
AdwCleaner[S00].txt - [6318 octets] - [20/03/2025 09:33:30]
AdwCleaner[S01].txt - [6379 octets] - [21/06/2025 23:06:41]
AdwCleaner[S02].txt - [6440 octets] - [22/06/2025 12:09:10]
AdwCleaner[S03].txt - [6501 octets] - [22/06/2025 12:15:56]
AdwCleaner[S04].txt - [6562 octets] - [22/06/2025 12:20:09]
AdwCleaner[S05].txt - [6208 octets] - [22/06/2025 13:09:46]
AdwCleaner[S06].txt - [6269 octets] - [22/06/2025 13:33:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S07].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2025
# Duration: 00:00:15
# OS: Windows 11 (Build 26100.4351)
# Scanned: 32097
# Detected: 41
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Ctibor\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Ctibor\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
***** [ Files ] *****
PUP.Optional.AdvancedSystemCare C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main|HomeButtonPage
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\1017d3e6-04f5-11f0-9bb3-54bf6406aff7
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.MediaGet HKCU\Software\Media Get LLC
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.DellDigitalDelivery Folder C:\Program Files (x86)\DELL DIGITAL DELIVERY
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Folder C:\Users\Ctibor\Documents\DELL\SUPPORTASSIST
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95282D62-87E2-4FA2-90AF-350D02C233A3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95282D62-87E2-4FA2-90AF-350D02C233A3}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
AdwCleaner[S00].txt - [6318 octets] - [20/03/2025 09:33:30]
AdwCleaner[S01].txt - [6379 octets] - [21/06/2025 23:06:41]
AdwCleaner[S02].txt - [6440 octets] - [22/06/2025 12:09:10]
AdwCleaner[S03].txt - [6501 octets] - [22/06/2025 12:15:56]
AdwCleaner[S04].txt - [6562 octets] - [22/06/2025 12:20:09]
AdwCleaner[S05].txt - [6208 octets] - [22/06/2025 13:09:46]
AdwCleaner[S06].txt - [6269 octets] - [22/06/2025 13:33:01]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S07].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Bodejť by se něco změnilo, když jste ty soubory nesmazal. Otevřte ADW, přejděte do karantény, tu smažte s vyjímkou Preinstaled, restartujte a vyzkoušejte. Virový problém by to neměl být, jen se obávám, že vám FF rozhodil ten čínský šmejd IOBit. Možná bude třeba FF přeinstalovat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Asi je v adwcleaneru něco špatně nastavený, po skenu mám nabídku 2 tlačítka - Storno a Následující, po Následující je předinstalovaný soft, s tlačítky Zpět a Karanténa, kliknu karanténa a dojde k restartu a po znovuspuštění je v úvodním okně Karanténa prázdná.
V nastavení je v oddílu Základní opravné akce zapnuté jen Odstravit klávesy sledování a Resetovat Winsock ostatní tu mám vypnuté, ale nijak jsem to já nenastavoval a po smazání a znovustažení to je tak stejně
V nastavení je v oddílu Základní opravné akce zapnuté jen Odstravit klávesy sledování a Resetovat Winsock ostatní tu mám vypnuté, ale nijak jsem to já nenastavoval a po smazání a znovustažení to je tak stejně
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Možnost Clean and Repair mi to nikde nedává
-
Rudy
- Site Admin
- Příspěvky: 119366
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
V karanténě jsou 2 tlačítka: Obnovit a smazat. Vy kliknete na smazat. Pokud vám to nefunguje, stáhněte znovu a spusťte. Nic není třeba nastavovat, toto je default.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
ccc
- Vzorný návštěvník
- Příspěvky: 198
- Registrován: 10 lis 2006 06:49
- Bydliště: Pardubice
- Kontaktovat uživatele:
Re: Prosím o pomoc s odvirováním
Ano, to souhlasí, ale po restartu je oddíl Karanténa prázdný, takže není co smazat, ačkoliv v Kontrolním panelu je 41 nálezů (Adwcleaner jsem smazal a stáhnul a spustil znovu už několikrát)
- Přílohy
-
- Snímek obrazovky 2025-06-23 181720.png (99.94 KiB) Zobrazeno 594 x
Přispějete na provoz fóra?