Kontakt cizích serverů pro odesílání pošty - pouze přes wifi

[foxy]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2025
Ran by Fox (administrator) on DESKTOP-9B6JPPE (Micro-Star International Co., Ltd. GE60 2OC\2OD\2OE) (28-08-2025 11:04:58)
Running from C:\Users\Fox\Desktop\FRST64.exe
Loaded Profiles: Fox
Platform: Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\PNotes\PNotes.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe
(C:\Programy\TC UP\TCUP64.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Programy\TC UP\TOTALCMD64.EXE
(explorer.exe ->) () [File not signed] C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vždy navrchu.exe
(explorer.exe ->) (Andrey Gruber) [File not signed] C:\PNotes\PNotes.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (TC UP Team) [File not signed] C:\Programy\TC UP\TCUP64.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <38>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\aisvchost.exe
(svchost.exe ->) () [File not signed] C:\Windows\OneDrive\onedrivesync.exe <2>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2532.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sxhost.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvchost.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\sdkhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\nodejs\node.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3375056 2017-11-21] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7340184 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Run: [Agent Tray] => C:\Program Files\Agent\AgentTray.exe (No File)
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\MountPoints2: {6ac952ca-939d-11ee-b0a9-240a64eab616} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\MountPoints2: {6ac95977-939d-11ee-b0a9-240a64eab616} - "F:\HTC_Sync_Manager_PC.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.96\Installer\chrmstp.exe [2025-04-18] (Google LLC -> Google LLC)
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.lnk [2024-05-27]
ShortcutTarget: PNotes.lnk -> C:\PNotes\PNotes.exe (Andrey Gruber) [File not signed]
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCUP64.lnk [2023-08-13]
ShortcutTarget: TCUP64.lnk -> C:\Programy\TC UP\TCUP64.exe (TC UP Team) [File not signed]
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vždy navrchu.exe [2022-07-11] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2024-03-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exeavgBoot.exe /M:299e235da3 /dir:"C:\Program Files\AVG\Antivirus"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {572ECCAD-465A-453C-891C-3B7B6857AE6E} - System32\Tasks\FreedomeTrialReset => "C:\ProgramData\F-Secure\Freedome\FreedomeTrialReset.exe" (No File)
Task: {9BD1790A-0399-4BB4-ADAD-3777F8458F94} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [81928 2025-07-12] (HP Inc. -> HP Inc.)
Task: {9C079457-CFB5-4C32-9A1C-051B9E09DFFA} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [81928 2025-07-12] (HP Inc. -> HP Inc.)
Task: {620EDBBC-13F3-46CB-9FA1-5DC10EA0E536} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2401792 2025-06-09] () [File not signed]
Task: {40365F9E-39B1-4773-8D7D-4B559A2DC8F5} - System32\Tasks\Microsoft\Office\Copilot Optimization => C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\aisvchost.exe [13312 2024-11-22] () [File not signed] <==== ATTENTION
Task: {32A9D663-9E0D-4D80-86E2-2C6589C05EE5} - System32\Tasks\Microsoft\Windows\AI\Module Optimization => C:\ProgramData\Microsoft\Windows\Tools\AI\bgm.exe (No File) <==== ATTENTION
Task: {DBCFB613-D6CA-4901-BAED-E630AB0AAE3F} - System32\Tasks\Microsoft\Windows\Copilot\Copilot Update => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [455680 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass C:\Windows\Copilot\update.ps1 <==== ATTENTION
Task: {6271412B-8D22-4D8F-AAE7-CC1B385DAF0B} - System32\Tasks\Microsoft\Windows\Cortana\Cortana Update => "C:\ProgramData\Cortana\infatica_agent.exe" (No File) <==== ATTENTION
Task: {7BDA8E1D-7654-4359-9DC1-B02842648DB0} - System32\Tasks\Microsoft\Windows\Defrag\Defrag Engine => C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvchost.exe [27320 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {DF909F1D-E9CE-4792-8147-B249DB5003BF} - System32\Tasks\Microsoft\Windows\Defrag\Fragmentation Manager => C:\ProgramData\Microsoft\Windows\Tools\{85c559a7-e331-49d6-a96a-73f1be4e7e30}\fm.exe (No File) <==== ATTENTION
Task: {0685E0C6-CCD8-49DA-B87E-A4C60C7C80B1} - System32\Tasks\Microsoft\Windows\Experimental\Experimental Host => C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\sdkhost.exe [22200 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {81B7F7D4-5A90-47C6-89D7-EFAD3B5EDA4C} - System32\Tasks\Microsoft\Windows\NetTrace\Net Neutrality Service => C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe [22712 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {3FEE9DF0-5F8D-43B3-ACC6-15C58233BA8E} - System32\Tasks\Microsoft\Windows\NetTrace\RefreshNetworkInfo => "%PROGRAMDATA%\NetTrace\1.0.0\refreshNetworkInfo.cmd" ->
Task: {4F2D2FA6-C4AB-4C8D-B0EE-F57B786038A1} - System32\Tasks\Microsoft\Windows\OneDrive\OndeDrive Sync => C:\Windows\OneDrive\onedrivesync.exe [1370624 2024-06-05] () [File not signed]
Task: {F23FAFB3-E33E-456B-86B6-7F3026683A95} - System32\Tasks\Microsoft\Windows\OneDrive\OneDrive Sync => C:\Program Files\nodejs\node.exe [69763224 2024-07-08] (OpenJS Foundation -> Node.js) -> C:\Windows\OneDrive\onedrivesync.js <==== ATTENTION
Task: {E7A9449E-A008-4B5B-A662-EF32F8D8832A} - System32\Tasks\Microsoft\Windows\Remote Assistant Host => C:\ProgramData\Microsoft\Windows\Tools\{3a40afdb-daa7-4812-8494-a3e3075ff2c9}\rasvc.exe (No File) <==== ATTENTION
Task: {A929B2D1-1CAF-483E-B8CA-C13E1D28A9DE} - System32\Tasks\Microsoft\Windows\SyncCenter\SyncX SDK => C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sxhost.exe [24248 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {395BC569-0C86-4942-ABFA-E907F309AA82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4BEABC91-B631-4EDD-B0E4-7E78F8317E09} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7198CC3B-38D6-4FFA-A406-CEBF9DCE01A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5AD653F5-6AD8-404F-8CFA-EE1F3A39BFF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe [1778240 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3EDFEEEA-5162-4167-A009-519E1F401E8A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2025-08-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {6C8B5DEE-0751-4A37-AA15-C32520064A58} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {DAD084A8-919E-483C-B8B9-330B894764E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {0C248473-61A1-4F13-B4EB-F412810C5250} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {0254D4D7-2265-41C4-9767-C5640EE9216F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{59a1b74a-d259-44a0-921f-b6d1b99a0986}: [NameServer] 10.77.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6F564F485: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6F564F485F5548747: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548545: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548747: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548747: [DhcpDomain] WiFi-Repeater
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C496E6B6F543831334: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C496E6B6F543831334F564F485: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\75966496D22556075616475627: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\75966496D22556075616475627: [DhcpDomain] WiFi-Repeater
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\8445340205F627471626C6560284F6473707F6470293336444: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default [2025-08-20]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Dokumenty Google offline) - C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-07]
Edge Extension: (Edge relevant text changes) - C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-26]
Edge HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2024-10-15]

FireFox:
========
FF DefaultProfile: xyo9xd4z.default
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xfi1p5h2.Muj [2025-08-28]
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xyo9xd4z.default [2025-08-28]
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 [2025-08-28]
FF DownloadDir: C:\Users\fox\Desktop
FF Homepage: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://www.google.cz
FF NewTab: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10429__180226__yaff
FF NetworkProxy: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> backup.ftp", "82.208.6.168"
FF Session Restore: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://web.whatsapp.com; hxxps://web.telegram.org; hxxps://www.tipli.cz; hxxps://www.pilsfree.cloud; hxxps://mail.proton.me
FF Extension: (Tipli do prohlížeče) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\@tipli-do-prohlizece-.xpi [2021-08-09]
FF Extension: (Firefox DevTools ADB Extension) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\adb@mozilla.org.xpi [2024-04-23] [UpdateUrl:hxxps://ftp.mozilla.org/pub/labs/devtools/adb-extension/win32/update.json]
FF Extension: (Brief) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\brief@mozdev.org.xpi [2025-06-23]
FF Extension: (anonymoX) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\client@anonymox.net.xpi [2025-05-23]
FF Extension: (File Converter - By Online-Convert.com) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\firefox@online-convert.com.xpi [2023-05-14]
FF Extension: (Firefox Color) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\FirefoxColor@mozilla.com.xpi [2021-06-02]
FF Extension: (SaveFrom.net helper) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\helper@savefrom.net.xpi [2025-08-05]
FF Extension: (Privacy Badger) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-06-06]
FF Extension: (KProxy Extension) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\jid1-XgC5trUcILmXBw@jetpack.xpi [2022-09-02]
FF Extension: (Klient aplikace Hesla pro Nextcloud) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\ncpasswords@mdns.eu.xpi [2025-04-20]
FF Extension: (Open Tabs Next to Current) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\opentabsnexttocurrent@sblask.xpi [2022-07-27]
FF Extension: (Page Hacker) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\pagehacker-nico@nc.xpi [2024-05-09]
FF Extension: (Firefox Relay) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\private-relay@firefox.com.xpi [2023-12-09]
FF Extension: (Tab Session Manager) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\Tab-Session-Manager@sienori.xpi [2025-04-07]
FF Extension: (Tree Style Tab) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2025-07-15]
FF Extension: (uBlock Origin) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\uBlock0@raymondhill.net.xpi [2025-07-16]
FF Extension: (Alitools - nákupní asistent) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{019f5290-6afb-4863-bc31-87cc0b6adb25}.xpi [2025-07-12]
FF Extension: (Classic Blue) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{065a1db8-6bba-4e1e-bcdc-d3dd53b68828}.xpi [2023-05-05]
FF Extension: (Microsoft Office - Dark Gray) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{1c41d9fb-f904-4d38-850f-074312f06e64}.xpi [2021-06-02]
FF Extension: (Startpage — Private Search Engine) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2025-01-18]
FF Extension: (Open in VLC™ media player) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2025-04-23]
FF Extension: (10 Minutes Email - 10 min disposable email) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{82e0b600-2a0b-47d0-8b83-28fd982e451d}.xpi [2023-02-12]
FF Extension: (Y2mate.com - YouTube Converter & Downloader) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2023-12-19]
FF Extension: (DarkTheme) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{99c277af-d778-4a0b-9faa-b1d8165f0a55}.xpi [2021-09-17]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2025-08-20]
FF Extension: (Matte Black (Red)) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2022-02-24]
FF Extension: (Foxified) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b1da6234-8e0a-4001-87ff-e5fd0613de04}.xpi [2024-04-06] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Dracula Dark Theme) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b743f56d-1cc1-4048-8ba6-f9c2ab7aa54d}.xpi [2024-12-22]
FF Extension: (Video DownloadHelper) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-06-04]
FF Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{ee0c7fbe-ee67-40b9-a6b5-21ec240ca8ae}.xpi [2023-11-05]
FF Extension: (YouTube Flash Video Player) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2024-04-26]
FF HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fox\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Fox\AppData\Roaming\IDM\idmmzcc5 [2022-06-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.461.0 -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\dtplugin\npDeployJava1.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.461.0 -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\plugin2\npjp2.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default [2025-08-28]
CHR Session Restore: Default -> is enabled.
CHR Extension: (3DTin) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi [2023-03-09]
CHR Extension: (video downloader - CocoCut) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhbcipncbkfpkaianbjbcbmfehjflpf [2025-08-07]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-08-24]
CHR Extension: (Open in VLC™ media player) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2025-02-09]
CHR Extension: (Video Downloader HD) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2025-02-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]
CHR HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2361576 2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243720 2025-07-12] (HP Inc. -> HP Inc.)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123304 2025-08-13] (The Document Foundation -> The Document Foundation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe [2050952 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v4.2.1\ProtonVPNService.exe [464624 2025-07-16] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v4.2.1\ProtonVPN.WireGuardService.exe [464112 2025-07-16] (Proton AG -> ProtonVPN)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [918456 2025-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe [4517784 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe [282464 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Agent; "C:\Program Files\Agent\Agent.exe" [X]
S2 CyberGhost8Service; "C:\Program Files\CyberGhost 8\Dashboard.Service.exe" [X]
S2 Freedome Service; "C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\fsvpnservice.exe" [X]
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S2 JANA timezone 2.12.41; C:\ProgramData\JANA timezone 2.12.41\JANA timezone 2.12.41.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [74872 2023-03-01] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34368 2018-01-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 fsfreedomewintun; C:\Windows\System32\drivers\fsfreedomewintun.sys [31248 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
U5 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2024-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [173736 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R1 ISODrive; C:\Programy\Vypalování-kopírování\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [332184 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2023-03-09] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-23] (Logitech Inc -> Logitech)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [79424 2024-08-28] (Nmap Software LLC -> Insecure.Com LLC.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v4.2.1\Resources\ProtonVPN.CalloutDriver.sys [40360 2025-02-10] (Proton AG -> Proton AG)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UniFairy_x64; C:\Windows\system32\drivers\UniFairy_x64.sys [7445944 2024-09-14] (Tencent Technology(Shenzhen) Company Limited -> )
S3 unirsdt; C:\Windows\system32\drivers\unirsdt.sys [4974960 2024-09-14] (Tencent Technology(Shenzhen) Company Limited -> )
S1 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [24680 2011-01-26] (Ghisler Software GmbH -> CaptainFlint Software)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20888 2025-08-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [627120 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [101792 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2023-05-21] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2022-06-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 HWiNFO_204; \??\C:\Users\Fox\AppData\Local\Temp\HWiNFO_x64_204.sys [X] <==== ATTENTION
U4 npcap_wifi; no ImagePath
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-28 11:04 - 2025-08-28 11:05 - 000037636 ____C C:\Users\Fox\Desktop\FRST.txt
2025-08-28 11:04 - 2025-08-28 11:05 - 000000000 ___DC C:\FRST
2025-08-28 11:02 - 2025-08-28 11:02 - 002409472 ____C (Farbar) C:\Users\Fox\Desktop\FRST64.exe
2025-08-28 10:35 - 2025-08-28 10:35 - 002844576 ____C (Malwarebytes) C:\Users\Fox\Desktop\MBSetup.exe
2025-08-28 09:07 - 2025-08-27 17:03 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250828-090706.backup
2025-08-28 08:55 - 2025-08-28 08:55 - 000000000 ___DC C:\Windows\system32\Tasks\Mozilla
2025-08-28 08:48 - 2025-08-28 08:55 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2025-08-27 17:03 - 2025-08-27 12:32 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250827-170329.backup
2025-08-27 14:15 - 2025-08-27 14:15 - 000000260 ____C C:\Users\Fox\Desktop\vir.txt
2025-08-27 12:32 - 2025-03-19 12:21 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250827-123208.backup
2025-08-27 11:08 - 2025-08-27 11:08 - 000064703 ____C C:\Users\Fox\Desktop\[SkT]Vedatorka_Ada_Twistova___Ada_Twist,_Scientist_(CZ_EN)(S01-S03)(2021-2022)(1080p)(Web-DL).torrent
2025-08-27 10:30 - 2025-08-27 10:30 - 000001265 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\icecream screen recorder 7.lnk
2025-08-25 11:35 - 2025-08-25 11:35 - 000634962 ____C C:\Users\Fox\Desktop\instalace_sftp.pdf
2025-08-24 01:17 - 2025-08-24 01:17 - 000000240 ____C C:\Users\Fox\Desktop\baroni.txt
2025-08-23 23:16 - 2025-08-23 23:16 - 056752408 ____C C:\Users\Fox\Desktop\Velký vlastenecký výlet.mp4
2025-08-23 19:10 - 2025-08-23 19:10 - 000000000 ___DC C:\Windows\LastGood.Tmp
2025-08-21 17:05 - 2025-08-21 17:10 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Wireshark
2025-08-21 17:05 - 2025-08-21 17:05 - 000001874 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2025-08-21 17:05 - 2025-08-21 17:05 - 000001862 ____C C:\Users\Public\Desktop\Wireshark.lnk
2025-08-21 17:04 - 2025-08-21 17:04 - 000003460 ____C C:\Windows\system32\Tasks\npcapwatchdog
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Windows\SysWOW64\Npcap
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Windows\system32\Npcap
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Program Files\Npcap
2025-08-21 17:03 - 2025-08-21 17:05 - 000000000 ___DC C:\Program Files\Wireshark
2025-08-21 13:45 - 2025-08-21 13:45 - 005388120 ____C C:\Users\Fox\Desktop\V zajetí démonů - CZ Dab (2013).avi
2025-08-20 18:06 - 2025-08-20 18:06 - 000000838 _RSHC C:\ProgramData\ntuser.pol
2025-08-20 09:52 - 2025-08-22 10:54 - 000000000 ___DC C:\Users\Fox\Desktop\ventoy-1.1.07
2025-08-20 09:40 - 2025-08-20 09:49 - 323461120 ____C C:\Users\Fox\Desktop\Nobara-42-Official-2025-05-13.iso
2025-08-20 09:38 - 2025-08-20 09:38 - 016702267 ____C C:\Users\Fox\Desktop\ventoy-1.1.07-windows.zip
2025-08-19 14:28 - 2025-08-19 14:31 - 000016713 ____C C:\Users\Fox\Desktop\Music CZ.txt
2025-08-19 14:19 - 2025-08-19 15:44 - 000048717 ____C C:\Users\Fox\Desktop\Music.txt
2025-08-19 13:08 - 2025-08-19 13:08 - 000055296 ____C C:\Users\Fox\Desktop\Papas Best STL Thumbnails.msi
2025-08-19 12:23 - 2025-08-19 12:25 - 000001520 ____C C:\Users\Fox\Desktop\# Downloads_Plocha.lnk
2025-08-13 00:49 - 2025-08-13 00:49 - 000023734 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-08-13 00:49 - 2025-08-13 00:49 - 000023734 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-08-12 15:27 - 2025-08-19 21:28 - 000000000 ___DC C:\Users\Fox\.cr3
2025-08-06 00:41 - 2025-08-06 00:41 - 000001816 ____C C:\Users\Fox\Desktop\led-zeppelin-discography_202401_archive.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-28 10:55 - 2019-12-07 11:14 - 000000000 __HDC C:\Windows\ELAMBKUP
2025-08-28 10:55 - 2019-12-07 11:13 - 000000000 ___DC C:\Windows\INF
2025-08-28 10:51 - 2025-03-20 23:02 - 000000000 ___DC C:\ADB_AppControl
2025-08-28 10:51 - 2024-07-12 16:50 - 000000000 ___DC C:\ProgramData\Cortana
2025-08-28 10:26 - 2022-06-14 12:53 - 000000000 ___DC C:\Windows\SystemTemp
2025-08-28 10:15 - 2022-06-14 13:19 - 000000000 ___DC C:\Users\Fox\AppData\Local\ClassicShell
2025-08-28 10:12 - 2019-12-07 11:14 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2025-08-28 09:06 - 2022-06-14 14:28 - 000000000 ___DC C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-08-28 08:55 - 2022-07-27 19:53 - 000001073 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-08-28 08:55 - 2022-06-14 13:16 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2025-08-28 08:47 - 2022-06-14 12:30 - 001693712 ____C C:\Windows\system32\PerfStringBackup.INI
2025-08-28 08:47 - 2019-12-07 16:43 - 000718160 ____C C:\Windows\system32\perfh005.dat
2025-08-28 08:47 - 2019-12-07 16:43 - 000145302 ____C C:\Windows\system32\perfc005.dat
2025-08-28 08:40 - 2022-06-14 13:19 - 000000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2025-08-28 08:40 - 2022-06-14 12:30 - 000000000 _SHDC C:\Users\Fox\IntelGraphicsProfiles
2025-08-28 08:40 - 2022-06-14 12:30 - 000000000 ___DC C:\ProgramData\NVIDIA
2025-08-28 08:40 - 2022-06-14 12:28 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2025-08-28 08:40 - 2019-12-07 11:15 - 000008192 ___SH C:\DumpStack.log.tmp
2025-08-28 08:40 - 2019-12-07 11:15 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2025-08-28 01:22 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2025-08-28 01:07 - 2022-06-14 17:03 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\vlc
2025-08-27 22:05 - 2019-12-07 11:15 - 000000000 ___DC C:\Windows\system32\SleepStudy
2025-08-27 16:59 - 2019-12-07 11:15 - 000000000 ___DC C:\Windows\system32\Drivers\wd
2025-08-27 14:27 - 2022-06-14 17:43 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Telegram Desktop
2025-08-27 13:10 - 2024-11-02 12:33 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Kodi
2025-08-27 12:18 - 2022-06-16 16:56 - 000000000 ___DC C:\Users\Fox\AppData\Local\Webshare
2025-08-27 10:30 - 2023-09-09 17:06 - 000000000 ___DC C:\Program Files (x86)\Icecream Screen Recorder 7
2025-08-27 08:51 - 2023-08-17 19:58 - 000001321 ____C C:\Users\Fox\Desktop\ESET Online Scanner.lnk
2025-08-27 08:51 - 2023-03-24 17:24 - 000001427 ____C C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-08-27 08:38 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\AppReadiness
2025-08-27 08:32 - 2022-06-14 12:30 - 000000000 ___DC C:\Users\Fox\AppData\Local\Packages
2025-08-27 08:32 - 2019-12-07 11:15 - 000002499 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-08-27 08:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-08-26 09:41 - 2022-09-02 13:18 - 000000527 ____C C:\Users\Fox\.vivaldi_reporting_data
2025-08-26 08:14 - 2022-06-14 12:30 - 000000000 __SDC C:\Users\Fox\AppData\Roaming\Microsoft\Credentials
2025-08-25 15:23 - 2022-09-15 17:06 - 000000000 ___DC C:\Users\Fox\AppData\Local\CrashDumps
2025-08-25 13:37 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\NDF
2025-08-25 13:01 - 2023-07-22 11:06 - 000000000 ___DC C:\Users\Fox\Knihovna Calibre My
2025-08-25 13:01 - 2023-05-14 17:18 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\calibre
2025-08-23 20:26 - 2024-06-17 11:06 - 000000000 ___DC C:\Users\Fox\Downloads\Telegram Desktop
2025-08-23 19:10 - 2019-12-07 11:14 - 000000150 ____C C:\Windows\win.ini
2025-08-22 12:16 - 2022-06-14 17:39 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\XnView
2025-08-22 10:56 - 2024-11-26 17:16 - 000000000 ___DC C:\Windows\system32\log
2025-08-21 23:39 - 2022-06-16 14:51 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\DMCache
2025-08-19 21:32 - 2025-01-03 17:55 - 000000000 ___DC C:\Users\Fox\Desktop\.tmp
2025-08-19 21:32 - 2025-01-03 17:55 - 000000000 ___DC C:\Users\Fox\Desktop\.thumb
2025-08-19 21:31 - 2025-05-18 17:52 - 000000000 ___DC C:\Users\Fox\Desktop\111111
2025-08-18 12:28 - 2025-03-16 21:38 - 000001878 ____C C:\Users\Fox\Desktop\Webshare klient.lnk
2025-08-15 12:03 - 2022-07-30 12:54 - 000000000 ___DC C:\Users\Fox\AppData\Local\ElevatedDiagnostics
2025-08-13 22:56 - 2024-03-06 18:32 - 000000000 ___DC C:\Program Files\LibreOffice
2025-08-13 10:02 - 2024-09-15 23:05 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update
2025-08-13 10:02 - 2024-09-15 23:05 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2025-08-13 10:02 - 2024-09-15 23:04 - 000000000 ___DC C:\Program Files (x86)\K-Lite Codec Pack
2025-08-13 07:44 - 2022-06-14 12:41 - 000000000 ___DC C:\Windows\system32\MRT
2025-08-13 07:40 - 2022-06-14 12:41 - 223939376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-08-13 07:17 - 2019-12-07 11:15 - 000464392 ____C C:\Windows\system32\FNTCACHE.DAT
2025-08-13 01:33 - 2024-07-10 23:25 - 000000000 ___DC C:\Windows\system32\compatrel
2025-08-13 01:33 - 2019-12-07 16:47 - 000000000 ___DC C:\Program Files\Windows Defender Advanced Threat Protection
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 __RDC C:\Windows\ImmersiveControlPanel
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\oobe
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\migwiz
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\appraiser
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\bcastdvr
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2025-08-13 00:52 - 2019-12-07 11:03 - 000000000 ___DC C:\Windows\CbsTemp
2025-08-13 00:49 - 2022-06-14 12:26 - 003016192 ____C (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-08-12 16:00 - 2023-05-14 17:18 - 000000000 ___DC C:\Users\Fox\AppData\Local\calibre-cache
2025-08-12 15:44 - 2025-03-17 14:29 - 000001154 ____C C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2025-08-12 15:44 - 2025-03-17 14:29 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2025-08-12 15:44 - 2023-07-22 11:06 - 000000000 ___DC C:\Program Files\Calibre2
2025-08-12 15:27 - 2022-06-14 12:28 - 000000000 ___DC C:\Users\Fox
2025-08-02 13:26 - 2019-12-07 11:15 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-08-02 13:26 - 2019-12-07 11:15 - 000003514 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-07-31 21:03 - 2024-03-11 15:45 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton

==================== Files in the root of some directories ========

2024-05-27 14:51 - 2024-05-27 14:51 - 000000008 ___HC () C:\ProgramData\jit_41.dat
2024-05-27 14:52 - 2024-05-29 10:35 - 000000004 ___HC () C:\ProgramData\jrc_41.dat
2024-05-27 14:51 - 2024-05-27 14:51 - 000000128 ___HC () C:\ProgramData\jres-a.dat
2024-05-27 14:51 - 2024-05-27 14:51 - 000000128 ___HC () C:\ProgramData\jres-b.dat
2024-07-17 12:22 - 2024-07-17 12:22 - 000000068 ____C () C:\Users\Fox\AppData\Roaming\settings.conf
2024-10-22 21:52 - 2024-10-22 21:52 - 000000128 ____C () C:\Users\Fox\AppData\Local\PUTTY.RND
2024-04-28 17:14 - 2024-04-28 17:14 - 000001455 ____C () C:\Users\Fox\AppData\Local\recently-used.xbel
2022-06-19 17:30 - 2025-04-28 23:26 - 000007649 ____C () C:\Users\Fox\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by Fox (28-08-2025 11:07:02)
Running from C:\Users\Fox\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) (2022-06-14 10:25:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1220654465-1674008627-1598820287-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1220654465-1674008627-1598820287-503 - Limited - Disabled)
Fox (S-1-5-21-1220654465-1674008627-1598820287-1001 - Administrator - Enabled) => C:\Users\Fox
Guest (S-1-5-21-1220654465-1674008627-1598820287-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1220654465-1674008627-1598820287-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Active@ File Recovery 22 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 22 - LSoft Technologies Inc)
ADB AppControl version 1.8.6 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.6 - Cyber.Cat)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Any Video Converter Ultimate 7.1.6 (HKLM-x32\...\Any Video Converter_is1) (Version: 7.1.6 - lrepacks.net)
AnyMP4 Video Editor 1.0.32 (HKLM-x32\...\{D2650AAA-B8FF-43F5-A3E9-26141B69045E}_is1) (Version: 1.0.32 - AnyMP4 Studio)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.23.4 - Ashampoo GmbH & Co. KG)
Audacity 3.7.0 (HKLM\...\Audacity_is1) (Version: 3.7.0 - Audacity Team)
AutoHotkey 1.1.34.03 (HKLM\...\AutoHotkey) (Version: 1.1.34.03 - Lexikos)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Balíček ovladače systému Windows - Adafruit Industries LLC (usbser) Ports (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Balíček ovladače systému Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (11/24/2015 1.2.3.0) (HKLM\...\8B585560B248755A6C5A24D5C0F50FA998310883) (Version: 11/24/2015 1.2.3.0 - Arduino LLC (www.arduino.cc))
Balíček ovladače systému Windows - Arduino LLC (www.arduino.cc) Genuino USB Driver (01/07/2016 1.0.3.0) (HKLM\...\EC414D98E2986DCA1628FAED2163CD1C9A4ED7EC) (Version: 01/07/2016 1.0.3.0 - Arduino LLC (www.arduino.cc))
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Balíček ovladače systému Windows - libusb-win32 (libusb0) libusb-win32 devices (04/21/2015 1.0.0.0) (HKLM\...\28E91B69CA377EB48D6E1B92C37F897036E8A818) (Version: 04/21/2015 1.0.0.0 - libusb-win32)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa CW1 (02/13/2013 1.0.0.0) (HKLM\...\B10CCB939D59F72AA817B257D84328FC4A1DC752) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa i3 MK2 (02/13/2013 1.0.0.0) (HKLM\...\E6CFEF5357DD0E2F987E98779FD6603959DA391B) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa i3 MK3 Multi Material 2.0 upgrade (02/13/2013 1.0.0.0) (HKLM\...\FA562E43945E7D9CAC76A811E49088FF2255A11A) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Prusa i3 Plus MK3 3D printer (02/13/2013 1.0.0.0) (HKLM\...\890B56493F7CACBCA0E70EA8EBFD9A18BC780C34) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - UltiMachine 3D Printer (RAMBo) (02/13/2013 1.0.0.0) (HKLM\...\D77EC126405DC217C7BF7DA6669B51E297D5CF23) (Version: 02/13/2013 1.0.0.0 - UltiMachine)
calibre 64bit (HKLM\...\{40304D89-3875-4F64-8826-5AFCFBF15A9E}) (Version: 8.8.0 - Kovid Goyal)
CesarFTP 0.99g (HKLM-x32\...\CesarFTP 0.99g_is1) (Version: - Alexandre Cesari)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
com.geonode.repocket_package (HKU\.DEFAULT\...\com.geonode.repocket_package) (Version: 1.5.3 - com.geonode.repocket_package)
Creality Slicer 4.8.2 (HKLM-x32\...\Creality Slicer 4.8.2) (Version: 4.8.2 - Creality Company)
CyberGhost TUN (HKLM\...\{677232D6-72D6-4821-8CB5-47969B15D4DF}) (Version: 1.0 - CyberGhost S.R.L.) Hidden
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS Data Recovery Wizard)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
ELAN Touchpad 15.13.9.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.9.1 - ELAN Microelectronic Corp.)
Eye Cloud 1.3.3.28 (HKLM-x32\...\{DE24BB52-3A46-4ED1-8E57-41E724F6BC74}_is1) (Version: - *)
FORM studio 2009 (HKLM-x32\...\FS6_is1) (Version: - KASTNER software s.r.o.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 11.2.2.53575 - Foxit Software Inc.)
FreeCAD 0.19.4 (HKLM\...\FreeCAD0194) (Version: 0.19.4 - FreeCAD Team)
Freemake Video Converter 4.1.13.153 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13.153 - LR)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.96 - Google LLC)
HD Video Converter Factory Pro 26.2 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 26.2 - WonderFox Soft, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
Icecream Screen Recorder verze 7.21 (HKLM-x32\...\{CE9603D0-2A7F-4B94-BF4D-BC4B1389888F}_is1) (Version: 7.21 - Icecream Apps)
Inkscape (HKLM\...\{2AB0D298-5B41-4C70-BB32-46F153F7A1BF}) (Version: 1.3.2 - Inkscape)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.42.23 - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 461 (HKLM-x32\...\{71124AE4-039E-4CA4-87B4-2F32180461F0}) (Version: 8.0.4610.11 - Oracle Corporation)
K-Lite Codec Pack 19.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 19.1.5 - KLCP)
Kodi (HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Kodi) (Version: 21.1.0.0 - XBMC Foundation)
LibreOffice 24.8.3.2 (HKLM\...\{D69038CE-B543-4B8A-931D-6D2078D94AE9}) (Version: 24.8.3.2 - The Document Foundation)
MainConcept MJPEG Codec Demo (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version: - )
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 10.9.246 - Autodesk, Inc.)
Microsoft .NET Host - 6.0.13 (x64) (HKLM\...\{9511601E-12FF-4972-BF9C-2992F2CA5A32}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.13 (x64) (HKLM\...\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.13 (x64) (HKLM\...\{5F0DB006-2AE3-4D36-8077-65247FD687D4}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.13 - Shared Framework (x64) (HKLM-x32\...\{373915e3-2fa6-41a5-80e3-49fe1115263d}) (Version: 6.0.13.22580 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.13 Shared Framework (x64) (HKLM\...\{A6500837-F3BE-357E-9A21-6A78D098659F}) (Version: 6.0.13.22580 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 139.0.3405.119 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 139.0.3405.119 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM\...\{8484730A-68A4-4C63-93B4-52628D3B488D}) (Version: 48.55.53270 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM-x32\...\{96cf40b0-81d6-43ed-ad0e-611e67899196}) (Version: 6.0.13.32001 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 142.0.1 (x64 cs)) (Version: 142.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 103.0 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 128.11.0 (x64 cs)) (Version: 128.11.0 - Mozilla)
Node.js (HKLM\...\{FF820EDB-79A3-49B1-AFA0-7E2CD4090AA1}) (Version: 18.20.4 - Node.js Foundation) Hidden
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.80 - Nmap Project)
NVIDIA Ovladače grafiky 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
OpenSCAD (remove only) (HKLM\...\OpenSCAD) (Version: 2021.01 - The OpenSCAD Developers)
OrcaSlicer (HKLM-x32\...\OrcaSlicer) (Version: 2.0.0 - SoftFever)
Papa’s Best STL Thumbnails (HKLM\...\{FA081A17-A255-493A-BA50-386E7F25C11A}) (Version: 23.12.9 - Papa’s Best)
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 4.2.1 - Proton AG)
PrusaSlicer (HKLM\...\PrusaSlicer_is1) (Version: 2.9.2 - Prusa Research s.r.o.)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.4 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 5.3.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.3.2 - VS Revo Group, Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Speedtest by Ookla (HKLM\...\{49DC746F-BFC1-41CC-B5B1-AE3721829A3A}) (Version: 1.13.194.001 - Ookla)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
SysCute WinBootMate (HKLM-x32\...\SysCute WinBootMate_is1) (Version: 4.2.6 - SysCute WinBootMate)
TagScanner (64bit) (HKLM\...\TagScanner_is1) (Version: 6.1.17 - Sergey Serkov)
TagScanner 6.1.15 (32bit) (HKLM-x32\...\TagScanner 6.1.15 (32bit)_is1) (Version: 6.1.15 - Sergey Serkov)
Telegram Desktop (HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.0.2 - Telegram FZ-LLC)
Total Commander Ultima Prime 8.9 (HKLM-x32\...\TC UP) (Version: 8.9.2024.1 - TC UP Team)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UltiMaker Cura (HKLM\...\{E2B07A1D-D4DA-440F-8E0C-EB6B14924F0D}) (Version: 5.10.1 - UltiMaker)
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version: - )
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VidJuice UniTube version 6.9.9 (HKLM\...\VidJuice UniTube_is1) (Version: 6.9.9 - Mobee Technology Co., Limited)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VSDC Free Video Converter version 2.4.7.339 (HKLM-x32\...\VSDC Free Video Converter_is1) (Version: 2.4.7.339 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Webshare klient (HKLM-x32\...\Webshare klient) (Version: - )
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
Wireshark 4.4.8 x64 (HKLM-x32\...\Wireshark) (Version: 4.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2025-04-20] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2025-05-31] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_160.1.1192.0_x64__v10z8vjag6ke6 [2025-07-12] (HP Inc.)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2025-07-28] (Ookla)
Virtual Piano -> C:\Program Files\WindowsApps\53716.VirtualPiano_4.0.0.4_x64__s67n2zjdheej8 [2025-04-20] (Παναγιώτης Παπαδημητρίου)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2532.3.0_x64__cv1g1gvanyjgm [2025-08-15] (WhatsApp Inc.) [Startup Task]
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.8.3.0_x64__gs5k5vmxr2ste [2025-08-26] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{27fecc36-4773-45b4-946f-d9b8d2985ec0}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{2E2F83C0-00D8-4504-B84A-31D6A29BFD80}\InprocServer32 -> C:\Users\Fox\AppData\Local\Programs\Papa’s Best\STL Thumbnails\Best STL Thumbnails x64.dll (Papa’s Best) [File not signed]
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v4.2.1\ProtonVPN.Client.exe (Proton AG -> ProtonVPN)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{9325E30F-982B-4322-AFD3-F5586D8AB128}\localserver32 -> C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\7.5.3735.64\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{b4175fb1-dff3-c216-a4be-a80de0dc90cf}\localserver32 -> "C:\Users\Fox\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{F2485C34-331C-4B39-A9BB-09C23D24C1E7}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Programy\TC UP\MEDIA\Programs\AIMP\System\aimp_menu64.dll [2022-03-27] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Programy\TC UP\LIB\TCUPShellExt.dll [2023-11-26] (TC UP Team) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Programy\TC UP\MEDIA\Programs\AIMP\System\aimp_menu64.dll [2022-03-27] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4-x32: [DiskInternals_cd_recovery] -> {6DD33479-D4D0-4666-93C8-F6DC46668518} => C:\PROGRA~2\DISKIN~1\CDANDD~1\contmenu.dll -> No File
ContextMenuHandlers4-x32: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Programy\TC UP\LIB\TCUPShellExt.dll [2023-11-26] (TC UP Team) [File not signed]
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.mjpg] => C:\Windows\SysWOW64\mcmjpg32.dll [122880 2003-10-28] (MainConcept) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-09-18 16:16 - 2024-09-06 14:05 - 000946688 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.dll
2024-09-18 16:16 - 2024-09-12 12:40 - 006908928 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sx.dll
2024-09-18 16:16 - 2024-08-26 14:44 - 004352000 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvc.dll
2024-09-18 16:16 - 2024-08-14 13:42 - 001041408 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\earn_sdk_32.dll
2024-10-03 18:16 - 2024-11-22 17:34 - 000349696 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\sdk.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2024-05-27 14:17 - 2011-05-04 15:53 - 000373248 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\PNotes\libhunspell.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2022-12-29 23:16 - 2021-06-19 02:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2022-12-29 23:16 - 2018-11-22 17:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-12-29 23:16 - 2018-11-22 17:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) =============

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\ssv.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\jp2ssv.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE trusted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2025-08-28 09:07 - 000454708 ___RC C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15607 more lines.


2022-10-08 10:51 - 2022-10-08 21:27 - 000000517 ____C C:\Windows\system32\drivers\etc\hosts.ics

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1
Windows Firewall is enabled.

Network Binding:
=============
FreedomeVPNConnection: Freedome Wintun Userspace Tunnel -> fsfreedomewintun.sys
Wi-Fi: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC -> rtwlane_13.sys
Ethernet: Killer E2200 Gigabit Ethernet Controller -> e2xw10x64.sys

INSECURE_NPCAP: Npcap Packet Driver (NPCAP)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Smart Projects\IsoBuster;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\Fox\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\Program Files\dotnet\;C:\Program Files\nodejs\;C:\Program Files\Calibre2\
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fox\Pictures\Wallpaper\Leopard_wallpap.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‍   .scr
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\Cortana
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\[FTUApps.com] - F-Secure Freedome VPN v2.71.176.0 Multilingual RePack\F-Secure Freedome VPN 2.71.176.0 RePack by KpoJIuK\F-Secure.Freedome.VPN.v2.71.176.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Any Video Converter Ultimate 7.1.6 Repack.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Freemake Video Converter Gold 4.1.13.153 Repack.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\2. Patch x64.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\2. Patch x86.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\3. Activator.exe.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Auto\ScanMaster v2.1.771\ScanMaster v2.1.771.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\AVIJOINER+CRK+CZ\digitbytestudioavijoinerv1.0keygeneclipse.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\BB FlashBack\keygen.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\WinAviVideoConverter+VobSub\WinAVIVideoConverterCRK.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Patch.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Ashampoo Burning Studio 24.0 Multilingual.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Autodesk EAGLE Premium 9.6.2.Full\Autodesk_EAGLE_9.6.2_English_Win_64bit.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\$RECYCLE.BIN\S-1-5-21-1220654465-1674008627-1598820287-1001\$RMZRY3P.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\111 BORDEL\! ČUM\Bypass Windows Password_Ver_2019_04_01d.7z


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Freemake Improver => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_52F3496649232767C0EC3A6D2BD25D22"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "Agent Tray"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_09734546AAC0F6B0AFC7F868BD21179D"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "YandexBrowserAutoLaunch_4D6BAD7FC36E9DC2DA85D6DCCA57BCF5"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D2244A-C85C-4855-A2D0-B70820043E49}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{D71E3596-D260-4A5B-B7D8-00779B00DA71}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{A2A48DFA-C0E7-4CAD-8F13-1A5859DA08DB}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{10FE99F8-8A6C-4906-A808-C5EF279F3C3D}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5917B2FC-F6AF-47A5-B592-EC88C2A38B1A}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{7C235E8B-1DF0-4E1D-9308-A40D6FECFCB3}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{1BE9E6D3-AA95-4011-A452-BF2CE357C382}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{F373A20E-E92E-4E75-A73F-838CBE1AB42D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{84B80410-CABE-4E5B-939C-BEF7A3EBD5E6}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{FB8B4D0B-7D9E-4FB1-B8DE-2C38DA23D31D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [TCP Query User{4FBD6F91-00B4-44C3-AF46-C2401D6AC6B6}C:\programy\tc up\totalcmd.exe] => (Allow) C:\programy\tc up\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{C2FE6302-E845-4381-9A88-954435507CF8}C:\programy\tc up\totalcmd.exe] => (Allow) C:\programy\tc up\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{0C0D7342-74B4-4039-A777-18014B7AAA6E}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{DBB06905-3684-430B-882D-5477BC00FAB6}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{8372E379-E551-4B6C-B9FE-AC9EA8A73DA4}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{F1E30A47-98C7-4544-98DB-A941486E8810}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{EFC76650-5D14-48AF-BB01-5DCBB518B1AF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{654AFA0C-0612-4EF9-B382-8710FF68E199}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5D7867C6-2669-4497-AB02-BF1AEBE19B30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E42429EA-0CD1-4F05-860B-AC0BE6035F62}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF825983-3225-4A9C-A903-85F31C361D7B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8043DDEE-1C36-4D0F-9372-70AB4B2A4FBE}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{368042EB-E179-4397-BB8B-A5200815F804}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [{FA684627-4579-44F1-A4BB-A6D5AAE94B0F}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{357B5088-EFC4-4E79-9C40-615BB51B8EBE}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{1F955F67-6AB5-49E8-ACD1-2990F7995F1B}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{AB9838DE-F129-4929-8708-36645582CC38}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [TCP Query User{FC365856-4156-4812-A116-1B0903C974CA}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B1691DA0-9820-4C22-B0F1-843B5CAB4A62}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{8AEC5D1F-A7AE-4EB4-8C63-6840D9B7451E}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe () [File not signed]
FirewallRules: [UDP Query User{AD2E1B54-47DA-469E-A5AC-C49A73F1CE51}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe () [File not signed]
FirewallRules: [TCP Query User{B85749E0-3F5B-4DD1-A925-0A45322C7D57}C:\programy\tc up\media\tools\hfs\hfs.exe] => (Allow) C:\programy\tc up\media\tools\hfs\hfs.exe (rejetto) [File not signed]
FirewallRules: [UDP Query User{443D3914-1CAF-4A71-B221-67018B0276F0}C:\programy\tc up\media\tools\hfs\hfs.exe] => (Allow) C:\programy\tc up\media\tools\hfs\hfs.exe (rejetto) [File not signed]
FirewallRules: [TCP Query User{6BC9D510-2CAC-4E67-ABDA-E382AD2DE965}C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{688D87BB-0AF5-4CD9-95AC-68A8DC76B8CE}C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{CFB0073B-E086-494F-BB4D-2F2D2835358A}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [UDP Query User{872E9076-EC5A-46D5-95FA-5A5915ADE7AE}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [{9A2ABD6E-0C9F-469B-8376-AB6E895B662B}] => (Allow) LPort=8090
FirewallRules: [{31E6622F-CF28-4EDC-B77F-809E6440E053}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [TCP Query User{92343596-856B-48D8-AAC2-2FF0E22028DB}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [UDP Query User{23335467-A1F4-4ADE-B4F7-17BF1ACE0BB4}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [{B7B18275-0D77-4794-98FF-79612D1971C6}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [{01F6B7BD-3C89-4183-A49B-4AA1917DCB4F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{03EB61DC-01D6-475C-988A-678258F24DE7}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{6D7478FE-4FC3-4CB2-86F9-64ADB2ECCB17}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{7CA69612-6762-4E15-A8C6-040FDB6C359F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [TCP Query User{A79C06FE-267F-414A-874B-F169051A9CA6}C:\programy\3d\creality slicer\crealityslicer.exe] => (Allow) C:\programy\3d\creality slicer\crealityslicer.exe () [File not signed]
FirewallRules: [UDP Query User{7569DBFD-CAF0-4EA6-B6CB-58357C35B2AD}C:\programy\3d\creality slicer\crealityslicer.exe] => (Allow) C:\programy\3d\creality slicer\crealityslicer.exe () [File not signed]
FirewallRules: [TCP Query User{047B58BE-C112-4BCD-879D-1E770839F316}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D900DDBB-B0A0-4E3D-9EFA-6A9DFBA02C01}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{8E674C59-0530-47F7-ACD8-E7205DCA7980}C:\programy\tc up\totalcmd64.exe] => (Allow) C:\programy\tc up\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{35450AD6-F55B-46C0-9288-24BC35876D47}C:\programy\tc up\totalcmd64.exe] => (Allow) C:\programy\tc up\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{7F8F5B19-13C3-4B81-9363-198707928664}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [UDP Query User{0EF7CA1C-C0C1-44D3-A07D-958BB07B97AE}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [{094DAC17-B4EE-40AA-92C0-6A465F01F4AF}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8F77E11A-6F4B-4AA5-83D4-44A334704C90}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{1BFB21ED-7EC2-40F3-B435-3A42B9D62D4C}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{925548BA-6F69-416A-9456-F95D6312A5E0}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{C12E708B-F01A-4370-9FFA-B49A3B98F8DB}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [UDP Query User{500E6930-D264-42E7-B464-4CD37CCE5E1A}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [{174DF89B-227B-4009-B506-EF3CB2B349BA}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{7E83C82F-7860-4231-B942-4C65DC0EC392}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{8CF434AA-DB10-421A-9252-CEC51D814B04}C:\program files (x86)\cesarftp\server.exe] => (Allow) C:\program files (x86)\cesarftp\server.exe () [File not signed]
FirewallRules: [UDP Query User{C3091409-0F6E-4012-A267-AA0FC08DF4E4}C:\program files (x86)\cesarftp\server.exe] => (Allow) C:\program files (x86)\cesarftp\server.exe () [File not signed]
FirewallRules: [{EB1802F7-1036-4579-8B0C-78D244B9C4B1}] => (Allow) C:\Users\Fox\AppData\Local\Temp\_tc\KonBootInstaller.exe => No File
FirewallRules: [TCP Query User{BC84691B-C6C5-48A9-8F18-0161A4015BA5}C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe] => (Allow) C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe (Mobee Technology Co., Limited -> Mobee Technology Co., Limited)
FirewallRules: [UDP Query User{97B4DE73-A9BD-403E-9FD2-5E6B71A64EB8}C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe] => (Allow) C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe (Mobee Technology Co., Limited -> Mobee Technology Co., Limited)
FirewallRules: [{CB34375A-6D06-4656-84B8-0D6A56F36BA9}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [TCP Query User{B58B80FF-7EB6-44CD-9F6A-ED0D708B2029}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8FA8DC1D-CA2D-44C8-AAAB-287048D6181D}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{043681AF-06DF-4083-ACF0-DCE59F99F074}] => (Allow) C:\Users\Fox\Desktop\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe => No File
FirewallRules: [{930F435F-BE96-4579-8DF3-1306294060D8}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{9af505ec-2aa1-4542-bed3-1b6d690d3910}] => (Allow) C:\ProgramData\Microsoft\Windows\Tools\AI\bgm.exe => No File
FirewallRules: [TCP Query User{DE4E3616-BF42-4F17-83D8-131621D9C1B6}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4A504044-51DE-47A3-91B0-AB16CF1813F4}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{06E2B2D2-2055-49B5-BA79-E21982D2B464}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{941EB4AD-239D-4421-87D9-645867D9BBE8}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{735967B9-0C04-4F2D-8C36-DA508CD6D4FE}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{17A0F0C3-CC94-4852-9A40-37D48036D75A}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{30FEEF94-69E7-4B93-8FCD-449D12B91F0D}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A49FA409-622E-4BEB-9487-C7E6EB3FCF12}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{273D766E-3B82-43E8-9C22-3A76F40A8711}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{7161B14C-E44C-4E0A-BE57-3CC44550CE25}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{A5AF7177-572C-4D2A-A26A-66F13E4D90D4}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{0C91F4B4-F1A7-49D6-96B6-E3344356EF05}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{5CCD8D1E-312D-443C-814A-9EA864D03D85}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{27B746EF-EAF9-43B5-9E1D-E398B1968EC3}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [{B1847561-2796-4A95-9D68-3BC8F64E7BE7}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [TCP Query User{D57B75DF-B6AC-4DF6-AFB9-A7E981F23D28}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E0FF83B8-BAD4-4899-81D7-5FEF928AF6B6}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [TCP Query User{5E7FCC69-8450-4A1E-9A5E-9B5683D3A44D}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{0A4AD823-EDB3-4A83-A9A0-BF26C344795F}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{2C7FE82C-C699-4C2A-9042-E4624F2E2EAB}C:\adbappcontrol-1.8.6\adb\adb.exe] => (Allow) C:\adbappcontrol-1.8.6\adb\adb.exe (Google LLC -> )
FirewallRules: [UDP Query User{10E44A52-2737-4A3D-A256-3883C7439B20}C:\adbappcontrol-1.8.6\adb\adb.exe] => (Allow) C:\adbappcontrol-1.8.6\adb\adb.exe (Google LLC -> )
FirewallRules: [TCP Query User{58B24015-C8F0-497E-BB59-D53413A32CD5}C:\adb_appcontrol\adb\adb.exe] => (Allow) C:\adb_appcontrol\adb\adb.exe (Google LLC -> )
FirewallRules: [UDP Query User{6A1ADF69-0233-4547-9905-A7067F00E9C3}C:\adb_appcontrol\adb\adb.exe] => (Allow) C:\adb_appcontrol\adb\adb.exe (Google LLC -> )
FirewallRules: [{BEAE675C-EF77-4E2D-8C9E-AEE2FC58A7B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{51E5A682-A9FA-4A3C-AAB8-95BD7A04B204}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{7247441C-F1C0-4A9E-B94E-9A46E308578F}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{CB5C981B-4464-46DB-AB07-2F2CBCD9486E}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC0B785E-556A-4D17-9AC3-B05F7AFE21E3}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
FirewallRules: [{B79FEC59-B287-4D2E-A7C2-E1225DA1C961}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{7E72EEA9-3EA4-42B5-BB6B-541799FCDDFD}] => (Allow) C:\Programy\3D\UltiMaker Cura\UltiMaker-Cura.exe (Ultimaker B.V. -> )
FirewallRules: [{E0C8E67D-148D-4600-BC95-56E423470644}] => (Allow) C:\Programy\3D\UltiMaker Cura\CuraEngine.exe (Ultimaker B.V. -> Ultimaker BV.)
FirewallRules: [TCP Query User{32F157FE-6D3B-4430-ABE3-6A99E6B3D1D4}C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe
FirewallRules: [UDP Query User{6A7C4DCE-B1C2-431B-AF19-561118036246}C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-08-2025 10:54:01 Revo Uninstaller Pro's restore point - Malwarebytes version 5.3.7.209

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/28/2025 10:55:08 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (08/28/2025 10:53:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a7c71db1-b298-45f9-8531-e3b43596d988}

Error: (08/27/2025 04:44:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/27/2025 04:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: nnsvc.exe, verze: 0.0.0.0, časové razítko: 0x66db3af2
Název chybujícího modulu: nnsvc.dll, verze: 0.0.0.0, časové razítko: 0x66cf5f2a
Kód výjimky: 0xc0000409
Posun chyby: 0x0009192e
ID chybujícího procesu: 0xa00
Čas spuštění chybující aplikace: 0x01dc174c5d6d31ee
Cesta k chybující aplikaci: C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe
Cesta k chybujícímu modulu: C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.dll
ID zprávy: c9715507-a941-4cd2-95ca-35adff1756e9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/27/2025 03:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Repocket.exe, verze: 1.0.0.0, časové razítko: 0x6720f3fa
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x053944c7
ID chybujícího procesu: 0x2f60
Čas spuštění chybující aplikace: 0x01dc17568b44efe7
Cesta k chybující aplikaci: C:\Windows\Copilot\current\Repocket.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3b8eaeb4-63ae-4a5c-97ed-dabae3caccfa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/27/2025 03:42:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Repocket.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
na com.geonode.repocket_package.Runtime.Scripts.P2P.RepocketSocket.StartReceive()
na com.geonode.repocket_package.Runtime.Scripts.P2P.RepocketSocket.ProcessReceive(System.Net.Sockets.SocketAsyncEventArgs)
na com.geonode.repocket_package.Runtime.Scripts.P2P.RepocketSocket.OnReceiveCompleted(System.Object, System.Net.Sockets.SocketAsyncEventArgs)
na System.Net.Sockets.SocketAsyncEventArgs.OnCompleted(System.Net.Sockets.SocketAsyncEventArgs)
na System.Net.Sockets.SocketAsyncEventArgs.ExecutionCallback(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.Sockets.SocketAsyncEventArgs.FinishOperationSuccess(System.Net.Sockets.SocketError, Int32, System.Net.Sockets.SocketFlags)
na System.Net.Sockets.SocketAsyncEventArgs.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (08/27/2025 12:35:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fbab8ffc-d9a7-4313-9fdd-5d3c93fc1eb4}

Error: (08/27/2025 12:18:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Webshare klient.exe verze 8.6.2.4 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 15fc

Čas spuštění: 01dc172d1f60e9c6

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\Webshare klient\Webshare klient.exe

ID hlášení: ac35edf8-f8a1-4f6d-8a9c-499c2d08075b

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle


System errors:
=============
Error: (08/28/2025 10:41:45 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (08/28/2025 08:45:09 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/28/2025 08:45:09 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/28/2025 08:42:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (08/28/2025 08:42:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (08/28/2025 08:42:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Agent neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/28/2025 08:40:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba JANA timezone 2.12.41 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/28/2025 08:40:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2025-08-28 09:00:19
Description:
Antivirová ochrana v programu Microsoft Defender ŝĉàʼn нåš ъè℮η śţőррзð веƒσге ćóмрľ℮ŧĭσň.%и %ťŚĉăй ĪÐ:%в{5F36607A-545E-4103-B14D-D75587A84B5A}%ʼn %тŜċàή Τỳφέ:%ьAntimalwarový program%ň %ŧЅĉăп Рàřáméŧėяѕ:%ъÚplné prohledávání%ή %ŧЦŝèя:%ъDESKTOP-9B6JPPE\Fox%ʼn %тŞтøр Ŕęаśòή:%ь∆вôŕŧěð ъў ŧĥέ сŀίέⁿŧ

Date: 2025-08-27 17:01:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.AB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip; file:_D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip->SlysoftCloneDVD2Keygen.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Adware:Win32/Adrepack
Závažnost: Vysoké
Kategorie: Software placený zobrazováním reklamy
Cesta: file:_D:\Downloads\Bitcomet\[FTUApps.com] - F-Secure Freedome VPN v2.71.176.0 Multilingual RePack\F-Secure Freedome VPN 2.71.176.0 RePack by KpoJIuK\F-Secure.Freedome.VPN.v2.71.176.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Trickbot
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z; file:_D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z->v1 patch.7z->tagrename-3.9.x-patch.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:MSIL/Heracles.ARA!MTB
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: containerfile:_D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip; file:_D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip->EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix/Setup/setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4
Event[0]:

Date: 2025-08-28 09:01:31
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o obnovení položky z karantény.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/crack
Závažnost: Vysoké
Kategorie: Nástroj
Uživatel: DESKTOP-9B6JPPE\Fox
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze bezpečnostních informací: AV: 1.435.437.0, AS: 1.435.437.0
Verze modulu: 1.1.25070.4

Date: 2025-06-18 11:36:04
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-12-10 10:26:31
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-11-14 17:32:54
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-10-17 09:41:14
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.547.0
Předchozí verze bezpečnostních informací: 1.419.417.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80004004
Popis chyby: Operace přerušena

CodeIntegrity:
===============
Date: 2025-08-28 10:55:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-08-28 10:55:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2025-08-28 10:55:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E16GCIMS.216 11/15/2013
Motherboard: Micro-Star International Co., Ltd. MS-16GC
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 16304.02 MB
Available physical RAM: 8222.28 MB
Total Virtual: 17328.02 MB
Available Virtual: 8009.23 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:111.18 GB) (Free:28.64 GB) (Model: KINGSTON SMS200S3120G) NTFS
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:266.29 GB) (Model: TOSHIBA MQ01ABF050) NTFS

\\?\Volume{541abc26-796e-473c-96dd-49b855f83705}\ () (Fixed) (Total:0.5 GB) (Free:0.48 GB) NTFS
\\?\Volume{0b53f683-334c-4854-8082-363a61caf971}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5F5AC42E)

Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 96FA0516)

Partition: GPT.

==================== End of Addition.txt =======================

[Rudy]

Zdravím!
Spusťte nejprve tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[foxy]

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-28-2025
# Duration: 00:00:19
# OS: Windows 10 (Build 19045.6216)
# Scanned: 32096
# Detected: 13


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\Tencent
PUP.Optional.Legacy C:\Users\Fox\AppData\Local\Tencent
PUP.Optional.Legacy C:\Users\Fox\AppData\Roaming\Tencent
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic HKCU\SOFTWARE\05CEF91FAD91B127CE00
PUP.Adware.Heuristic HKCU\SOFTWARE\05cef91fad91b127ce00349785dafe8e
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

[Rudy]

OK. Dejte nové logy FRST+Addition.

[foxy]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2025
Ran by Fox (administrator) on DESKTOP-9B6JPPE (Micro-Star International Co., Ltd. GE60 2OC\2OD\2OE) (28-08-2025 15:34:06)
Running from C:\Users\Fox\Desktop\FRST64.exe
Loaded Profiles: Fox
Platform: Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\PNotes\PNotes.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(explorer.exe ->) () [File not signed] C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vždy navrchu.exe
(explorer.exe ->) (Andrey Gruber) [File not signed] C:\PNotes\PNotes.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Fox\AppData\Roaming\Telegram Desktop\Telegram.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\aisvchost.exe
(svchost.exe ->) () [File not signed] C:\Windows\OneDrive\onedrivesync.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2532.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sxhost.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvchost.exe
(svchost.exe ->) (KUCHIKU LTD -> ) C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\sdkhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3375056 2017-11-21] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7340184 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Run: [Agent Tray] => C:\Program Files\Agent\AgentTray.exe (No File)
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\MountPoints2: {6ac952ca-939d-11ee-b0a9-240a64eab616} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\MountPoints2: {6ac95977-939d-11ee-b0a9-240a64eab616} - "F:\HTC_Sync_Manager_PC.exe"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.96\Installer\chrmstp.exe [2025-04-18] (Google LLC -> Google LLC)
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.lnk [2024-05-27]
ShortcutTarget: PNotes.lnk -> C:\PNotes\PNotes.exe (Andrey Gruber) [File not signed]
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCUP64.lnk [2023-08-13]
ShortcutTarget: TCUP64.lnk -> C:\Programy\TC UP\TCUP64.exe (TC UP Team) [File not signed]
Startup: C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vždy navrchu.exe [2022-07-11] () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2024-03-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9BD1790A-0399-4BB4-ADAD-3777F8458F94} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [81928 2025-07-12] (HP Inc. -> HP Inc.)
Task: {9C079457-CFB5-4C32-9A1C-051B9E09DFFA} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [81928 2025-07-12] (HP Inc. -> HP Inc.)
Task: {620EDBBC-13F3-46CB-9FA1-5DC10EA0E536} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2401792 2025-06-09] () [File not signed]
Task: {40365F9E-39B1-4773-8D7D-4B559A2DC8F5} - System32\Tasks\Microsoft\Office\Copilot Optimization => C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\aisvchost.exe [13312 2024-11-22] () [File not signed] <==== ATTENTION
Task: {DBCFB613-D6CA-4901-BAED-E630AB0AAE3F} - System32\Tasks\Microsoft\Windows\Copilot\Copilot Update => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [455680 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass C:\Windows\Copilot\update.ps1 <==== ATTENTION
Task: {7BDA8E1D-7654-4359-9DC1-B02842648DB0} - System32\Tasks\Microsoft\Windows\Defrag\Defrag Engine => C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvchost.exe [27320 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {DF909F1D-E9CE-4792-8147-B249DB5003BF} - System32\Tasks\Microsoft\Windows\Defrag\Fragmentation Manager => C:\ProgramData\Microsoft\Windows\Tools\{85c559a7-e331-49d6-a96a-73f1be4e7e30}\fm.exe (No File) <==== ATTENTION
Task: {0685E0C6-CCD8-49DA-B87E-A4C60C7C80B1} - System32\Tasks\Microsoft\Windows\Experimental\Experimental Host => C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\sdkhost.exe [22200 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {81B7F7D4-5A90-47C6-89D7-EFAD3B5EDA4C} - System32\Tasks\Microsoft\Windows\NetTrace\Net Neutrality Service => C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe [22712 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {3FEE9DF0-5F8D-43B3-ACC6-15C58233BA8E} - System32\Tasks\Microsoft\Windows\NetTrace\RefreshNetworkInfo => "%PROGRAMDATA%\NetTrace\1.0.0\refreshNetworkInfo.cmd" ->
Task: {4F2D2FA6-C4AB-4C8D-B0EE-F57B786038A1} - System32\Tasks\Microsoft\Windows\OneDrive\OndeDrive Sync => C:\Windows\OneDrive\onedrivesync.exe [1370624 2024-06-05] () [File not signed]
Task: {F23FAFB3-E33E-456B-86B6-7F3026683A95} - System32\Tasks\Microsoft\Windows\OneDrive\OneDrive Sync => C:\Program Files\nodejs\node.exe [69763224 2024-07-08] (OpenJS Foundation -> Node.js) -> C:\Windows\OneDrive\onedrivesync.js <==== ATTENTION
Task: {E7A9449E-A008-4B5B-A662-EF32F8D8832A} - System32\Tasks\Microsoft\Windows\Remote Assistant Host => C:\ProgramData\Microsoft\Windows\Tools\{3a40afdb-daa7-4812-8494-a3e3075ff2c9}\rasvc.exe (No File) <==== ATTENTION
Task: {A929B2D1-1CAF-483E-B8CA-C13E1D28A9DE} - System32\Tasks\Microsoft\Windows\SyncCenter\SyncX SDK => C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sxhost.exe [24248 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {3EDFEEEA-5162-4167-A009-519E1F401E8A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2025-08-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {6C8B5DEE-0751-4A37-AA15-C32520064A58} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {DAD084A8-919E-483C-B8B9-330B894764E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {0C248473-61A1-4F13-B4EB-F412810C5250} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {0254D4D7-2265-41C4-9767-C5640EE9216F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{59a1b74a-d259-44a0-921f-b6d1b99a0986}: [NameServer] 10.77.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6F564F485: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\1427368656270214855353020527F6F564F485F5548747: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548545: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548747: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C494E4B4F513147343F564F485F5548747: [DhcpDomain] WiFi-Repeater
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C496E6B6F543831334: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\4505D2C496E6B6F543831334F564F485: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\75966496D22556075616475627: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\75966496D22556075616475627: [DhcpDomain] WiFi-Repeater
Tcpip\..\Interfaces\{c435e24f-305d-4855-a897-a7d0b9d5326c}\8445340205F627471626C6560284F6473707F6470293336444: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default [2025-08-20]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Dokumenty Google offline) - C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-07]
Edge Extension: (Edge relevant text changes) - C:\Users\Fox\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-26]
Edge HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2024-10-15]

FireFox:
========
FF DefaultProfile: xyo9xd4z.default
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xfi1p5h2.Muj [2025-08-28]
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xyo9xd4z.default [2025-08-28]
FF ProfilePath: C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 [2025-08-28]
FF DownloadDir: C:\Users\fox\Desktop
FF Homepage: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://www.google.cz
FF NewTab: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10429__180226__yaff
FF NetworkProxy: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> backup.ftp", "82.208.6.168"
FF Session Restore: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441 -> hxxps://web.whatsapp.com; hxxps://web.telegram.org; hxxps://www.tipli.cz; hxxps://www.pilsfree.cloud; hxxps://mail.proton.me
FF Extension: (Tipli do prohlížeče) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\@tipli-do-prohlizece-.xpi [2021-08-09]
FF Extension: (Firefox DevTools ADB Extension) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\adb@mozilla.org.xpi [2024-04-23] [UpdateUrl:hxxps://ftp.mozilla.org/pub/labs/devtools/adb-extension/win32/update.json]
FF Extension: (Brief) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\brief@mozdev.org.xpi [2025-06-23]
FF Extension: (anonymoX) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\client@anonymox.net.xpi [2025-05-23]
FF Extension: (File Converter - By Online-Convert.com) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\firefox@online-convert.com.xpi [2023-05-14]
FF Extension: (Firefox Color) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\FirefoxColor@mozilla.com.xpi [2021-06-02]
FF Extension: (SaveFrom.net helper) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\helper@savefrom.net.xpi [2025-08-05]
FF Extension: (Privacy Badger) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-06-06]
FF Extension: (KProxy Extension) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\jid1-XgC5trUcILmXBw@jetpack.xpi [2022-09-02]
FF Extension: (Klient aplikace Hesla pro Nextcloud) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\ncpasswords@mdns.eu.xpi [2025-04-20]
FF Extension: (Open Tabs Next to Current) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\opentabsnexttocurrent@sblask.xpi [2022-07-27]
FF Extension: (Page Hacker) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\pagehacker-nico@nc.xpi [2024-05-09]
FF Extension: (Firefox Relay) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\private-relay@firefox.com.xpi [2023-12-09]
FF Extension: (Tab Session Manager) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\Tab-Session-Manager@sienori.xpi [2025-04-07]
FF Extension: (Tree Style Tab) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2025-07-15]
FF Extension: (uBlock Origin) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\uBlock0@raymondhill.net.xpi [2025-07-16]
FF Extension: (Alitools - nákupní asistent) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{019f5290-6afb-4863-bc31-87cc0b6adb25}.xpi [2025-07-12]
FF Extension: (Classic Blue) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{065a1db8-6bba-4e1e-bcdc-d3dd53b68828}.xpi [2023-05-05]
FF Extension: (Microsoft Office - Dark Gray) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{1c41d9fb-f904-4d38-850f-074312f06e64}.xpi [2021-06-02]
FF Extension: (Startpage — Private Search Engine) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2025-01-18]
FF Extension: (Open in VLC™ media player) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2025-04-23]
FF Extension: (10 Minutes Email - 10 min disposable email) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{82e0b600-2a0b-47d0-8b83-28fd982e451d}.xpi [2023-02-12]
FF Extension: (Y2mate.com - YouTube Converter & Downloader) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2023-12-19]
FF Extension: (DarkTheme) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{99c277af-d778-4a0b-9faa-b1d8165f0a55}.xpi [2021-09-17]
FF Extension: (ImTranslator: Překladač, Slovník, Hlas) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2025-08-20]
FF Extension: (Matte Black (Red)) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2022-02-24]
FF Extension: (Foxified) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b1da6234-8e0a-4001-87ff-e5fd0613de04}.xpi [2024-04-06] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Dracula Dark Theme) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b743f56d-1cc1-4048-8ba6-f9c2ab7aa54d}.xpi [2024-12-22]
FF Extension: (Video DownloadHelper) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2025-06-04]
FF Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{ee0c7fbe-ee67-40b9-a6b5-21ec240ca8ae}.xpi [2023-11-05]
FF Extension: (YouTube Flash Video Player) - C:\Users\Fox\AppData\Roaming\Mozilla\Firefox\Profiles\xgdzyy41.default-release-1658948394441\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2024-04-26]
FF HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Fox\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Fox\AppData\Roaming\IDM\idmmzcc5 [2022-06-16] [Legacy] [not signed]
FF HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.461.0 -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\dtplugin\npDeployJava1.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.461.0 -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\plugin2\npjp2.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR Profile: C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default [2025-08-28]
CHR Session Restore: Default -> is enabled.
CHR Extension: (3DTin) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi [2023-03-09]
CHR Extension: (video downloader - CocoCut) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhbcipncbkfpkaianbjbcbmfehjflpf [2025-08-07]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-08-24]
CHR Extension: (Open in VLC™ media player) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2025-02-09]
CHR Extension: (Video Downloader HD) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2025-02-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Fox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]
CHR HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2024-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2361576 2022-04-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243720 2025-07-12] (HP Inc. -> HP Inc.)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123304 2025-08-13] (The Document Foundation -> The Document Foundation)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe [2050952 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v4.2.1\ProtonVPNService.exe [464624 2025-07-16] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v4.2.1\ProtonVPN.WireGuardService.exe [464112 2025-07-16] (Proton AG -> ProtonVPN)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [918456 2025-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe [4517784 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe [282464 2025-08-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Agent; "C:\Program Files\Agent\Agent.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [76800 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [74872 2023-03-01] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34368 2018-01-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30280 2018-07-19] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 fsfreedomewintun; C:\Windows\System32\drivers\fsfreedomewintun.sys [31248 2024-03-27] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
U5 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2024-12-13] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [173736 2023-11-25] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R1 ISODrive; C:\Programy\Vypalování-kopírování\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [332184 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2023-03-09] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-23] (Logitech Inc -> Logitech)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [79424 2024-08-28] (Nmap Software LLC -> Insecure.Com LLC.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v4.2.1\Resources\ProtonVPN.CalloutDriver.sys [40360 2025-02-10] (Proton AG -> Proton AG)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UniFairy_x64; C:\Windows\system32\drivers\UniFairy_x64.sys [7445944 2024-09-14] (Tencent Technology(Shenzhen) Company Limited -> )
S3 unirsdt; C:\Windows\system32\drivers\unirsdt.sys [4974960 2024-09-14] (Tencent Technology(Shenzhen) Company Limited -> )
S1 VD_FileDisk; C:\Windows\SysWow64\Drivers\VD_FileDisk.sys [24680 2011-01-26] (Ghisler Software GmbH -> CaptainFlint Software)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [20888 2025-08-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [627120 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [101792 2025-08-27] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2023-05-21] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2022-06-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 HWiNFO_204; \??\C:\Users\Fox\AppData\Local\Temp\HWiNFO_x64_204.sys [X] <==== ATTENTION
U4 npcap_wifi; no ImagePath
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-28 15:32 - 2025-08-28 15:34 - 000034905 ____C C:\Users\Fox\Desktop\FRST.txt
2025-08-28 15:31 - 2025-08-28 15:31 - 000032837 ____C C:\Users\Fox\Desktop\FRST1.rar
2025-08-28 13:53 - 2025-08-28 13:54 - 000000000 ___DC C:\AdwCleaner
2025-08-28 13:52 - 2025-08-28 13:52 - 009566696 ____C (Malwarebytes) C:\Users\Fox\Desktop\AdwCleaner.exe
2025-08-28 12:49 - 2025-08-28 12:50 - 012157347 ____C C:\Users\Fox\Desktop\hijackthis-devel.zip
2025-08-28 12:34 - 2025-08-28 13:25 - 000000000 ___DC C:\Users\Fox\Desktop\Backups
2025-08-28 12:34 - 2025-08-28 12:34 - 000000000 ___DC C:\Windows\ABR
2025-08-28 12:27 - 2025-08-28 12:27 - 002045714 ____C C:\Users\Fox\Desktop\HiJackThis.zip
2025-08-28 12:27 - 2020-08-08 13:41 - 006875040 ____C (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Fox\Desktop\HiJackThis.exe
2025-08-28 11:04 - 2025-08-28 15:34 - 000000000 ___DC C:\FRST
2025-08-28 11:02 - 2025-08-28 11:02 - 002409472 ____C (Farbar) C:\Users\Fox\Desktop\FRST64.exe
2025-08-28 10:35 - 2025-08-28 10:35 - 002844576 ____C (Malwarebytes) C:\Users\Fox\Desktop\MBSetup.exe
2025-08-28 09:07 - 2025-08-27 17:03 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250828-090706.backup
2025-08-28 08:55 - 2025-08-28 08:55 - 000000000 ___DC C:\Windows\system32\Tasks\Mozilla
2025-08-28 08:48 - 2025-08-28 13:19 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2025-08-27 17:03 - 2025-08-27 12:32 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250827-170329.backup
2025-08-27 14:15 - 2025-08-27 14:15 - 000000260 ____C C:\Users\Fox\Desktop\vir.txt
2025-08-27 12:32 - 2025-03-19 12:21 - 000454708 ___RC C:\Windows\system32\Drivers\etc\hosts.20250827-123208.backup
2025-08-27 11:08 - 2025-08-27 11:08 - 000064703 ____C C:\Users\Fox\Desktop\[SkT]Vedatorka_Ada_Twistova___Ada_Twist,_Scientist_(CZ_EN)(S01-S03)(2021-2022)(1080p)(Web-DL).torrent
2025-08-27 10:30 - 2025-08-27 10:30 - 000001265 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\icecream screen recorder 7.lnk
2025-08-25 11:35 - 2025-08-25 11:35 - 000634962 ____C C:\Users\Fox\Desktop\instalace_sftp.pdf
2025-08-24 01:17 - 2025-08-24 01:17 - 000000240 ____C C:\Users\Fox\Desktop\baroni.txt
2025-08-23 23:16 - 2025-08-23 23:16 - 056752408 ____C C:\Users\Fox\Desktop\Velký vlastenecký výlet.mp4
2025-08-23 19:10 - 2025-08-23 19:10 - 000000000 ___DC C:\Windows\LastGood.Tmp
2025-08-21 17:05 - 2025-08-21 17:10 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Wireshark
2025-08-21 17:05 - 2025-08-21 17:05 - 000001874 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2025-08-21 17:05 - 2025-08-21 17:05 - 000001862 ____C C:\Users\Public\Desktop\Wireshark.lnk
2025-08-21 17:04 - 2025-08-21 17:04 - 000003460 ____C C:\Windows\system32\Tasks\npcapwatchdog
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Windows\SysWOW64\Npcap
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Windows\system32\Npcap
2025-08-21 17:04 - 2025-08-21 17:04 - 000000000 ___DC C:\Program Files\Npcap
2025-08-21 17:03 - 2025-08-21 17:05 - 000000000 ___DC C:\Program Files\Wireshark
2025-08-21 13:45 - 2025-08-21 13:45 - 005388120 ____C C:\Users\Fox\Desktop\V zajetí démonů - CZ Dab (2013).avi
2025-08-20 18:06 - 2025-08-20 18:06 - 000000838 _RSHC C:\ProgramData\ntuser.pol
2025-08-20 09:52 - 2025-08-22 10:54 - 000000000 ___DC C:\Users\Fox\Desktop\ventoy-1.1.07
2025-08-20 09:40 - 2025-08-20 09:49 - 323461120 ____C C:\Users\Fox\Desktop\Nobara-42-Official-2025-05-13.iso
2025-08-20 09:38 - 2025-08-20 09:38 - 016702267 ____C C:\Users\Fox\Desktop\ventoy-1.1.07-windows.zip
2025-08-19 14:28 - 2025-08-19 14:31 - 000016713 ____C C:\Users\Fox\Desktop\Music CZ.txt
2025-08-19 14:19 - 2025-08-19 15:44 - 000048717 ____C C:\Users\Fox\Desktop\Music.txt
2025-08-19 13:08 - 2025-08-19 13:08 - 000055296 ____C C:\Users\Fox\Desktop\Papas Best STL Thumbnails.msi
2025-08-19 12:23 - 2025-08-19 12:25 - 000001520 ____C C:\Users\Fox\Desktop\# Downloads_Plocha.lnk
2025-08-13 00:49 - 2025-08-13 00:49 - 000023734 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-08-13 00:49 - 2025-08-13 00:49 - 000023734 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-08-12 15:27 - 2025-08-19 21:28 - 000000000 ___DC C:\Users\Fox\.cr3
2025-08-06 00:41 - 2025-08-06 00:41 - 000001816 ____C C:\Users\Fox\Desktop\led-zeppelin-discography_202401_archive.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-28 15:31 - 2022-06-14 14:28 - 000000000 ___DC C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-08-28 15:30 - 2022-06-14 13:19 - 000000000 ___DC C:\Users\Fox\AppData\Local\ClassicShell
2025-08-28 15:26 - 2022-06-14 12:53 - 000000000 ___DC C:\Windows\SystemTemp
2025-08-28 14:59 - 2019-12-07 11:15 - 000000000 ___DC C:\Windows\system32\SleepStudy
2025-08-28 13:58 - 2019-12-07 11:14 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2025-08-28 13:39 - 2022-06-14 17:43 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Telegram Desktop
2025-08-28 13:27 - 2022-06-14 12:30 - 001693712 ____C C:\Windows\system32\PerfStringBackup.INI
2025-08-28 13:27 - 2019-12-07 16:43 - 000718160 ____C C:\Windows\system32\perfh005.dat
2025-08-28 13:27 - 2019-12-07 16:43 - 000145302 ____C C:\Windows\system32\perfc005.dat
2025-08-28 13:27 - 2019-12-07 11:13 - 000000000 ___DC C:\Windows\INF
2025-08-28 13:19 - 2022-06-14 13:19 - 000000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2025-08-28 13:19 - 2022-06-14 13:16 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2025-08-28 13:19 - 2022-06-14 12:30 - 000000000 _SHDC C:\Users\Fox\IntelGraphicsProfiles
2025-08-28 13:19 - 2022-06-14 12:30 - 000000000 ___DC C:\ProgramData\NVIDIA
2025-08-28 13:19 - 2022-06-14 12:28 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2025-08-28 13:19 - 2019-12-07 11:15 - 000008192 ___SH C:\DumpStack.log.tmp
2025-08-28 13:19 - 2019-12-07 11:15 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2025-08-28 13:19 - 2019-12-07 11:03 - 000786432 _____ C:\Windows\system32\config\BBI
2025-08-28 12:34 - 2022-09-15 17:06 - 000000000 ___DC C:\Users\Fox\AppData\Local\CrashDumps
2025-08-28 12:25 - 2022-06-14 12:30 - 000000000 ___DC C:\Users\Fox\AppData\Local\VirtualStore
2025-08-28 11:38 - 2022-09-02 13:18 - 000000527 ____C C:\Users\Fox\.vivaldi_reporting_data
2025-08-28 10:55 - 2019-12-07 11:14 - 000000000 __HDC C:\Windows\ELAMBKUP
2025-08-28 10:51 - 2025-03-20 23:02 - 000000000 ___DC C:\ADB_AppControl
2025-08-28 10:51 - 2024-07-12 16:50 - 000000000 ___DC C:\ProgramData\Cortana
2025-08-28 08:55 - 2022-07-27 19:53 - 000001073 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-08-28 01:07 - 2022-06-14 17:03 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\vlc
2025-08-27 16:59 - 2019-12-07 11:15 - 000000000 ___DC C:\Windows\system32\Drivers\wd
2025-08-27 13:10 - 2024-11-02 12:33 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\Kodi
2025-08-27 12:18 - 2022-06-16 16:56 - 000000000 ___DC C:\Users\Fox\AppData\Local\Webshare
2025-08-27 10:30 - 2023-09-09 17:06 - 000000000 ___DC C:\Program Files (x86)\Icecream Screen Recorder 7
2025-08-27 08:51 - 2023-08-17 19:58 - 000001321 ____C C:\Users\Fox\Desktop\ESET Online Scanner.lnk
2025-08-27 08:51 - 2023-03-24 17:24 - 000001427 ____C C:\Users\Fox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-08-27 08:38 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\AppReadiness
2025-08-27 08:32 - 2022-06-14 12:30 - 000000000 ___DC C:\Users\Fox\AppData\Local\Packages
2025-08-27 08:32 - 2019-12-07 11:15 - 000002499 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-08-27 08:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-08-26 08:14 - 2022-06-14 12:30 - 000000000 __SDC C:\Users\Fox\AppData\Roaming\Microsoft\Credentials
2025-08-25 13:37 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\NDF
2025-08-25 13:01 - 2023-07-22 11:06 - 000000000 ___DC C:\Users\Fox\Knihovna Calibre My
2025-08-25 13:01 - 2023-05-14 17:18 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\calibre
2025-08-23 20:26 - 2024-06-17 11:06 - 000000000 ___DC C:\Users\Fox\Downloads\Telegram Desktop
2025-08-23 19:10 - 2019-12-07 11:14 - 000000150 ____C C:\Windows\win.ini
2025-08-22 12:16 - 2022-06-14 17:39 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\XnView
2025-08-22 10:56 - 2024-11-26 17:16 - 000000000 ___DC C:\Windows\system32\log
2025-08-21 23:39 - 2022-06-16 14:51 - 000000000 ___DC C:\Users\Fox\AppData\Roaming\DMCache
2025-08-19 21:32 - 2025-01-03 17:55 - 000000000 ___DC C:\Users\Fox\Desktop\.tmp
2025-08-19 21:32 - 2025-01-03 17:55 - 000000000 ___DC C:\Users\Fox\Desktop\.thumb
2025-08-19 21:31 - 2025-05-18 17:52 - 000000000 ___DC C:\Users\Fox\Desktop\111111
2025-08-18 12:28 - 2025-03-16 21:38 - 000001878 ____C C:\Users\Fox\Desktop\Webshare klient.lnk
2025-08-15 12:03 - 2022-07-30 12:54 - 000000000 ___DC C:\Users\Fox\AppData\Local\ElevatedDiagnostics
2025-08-13 22:56 - 2024-03-06 18:32 - 000000000 ___DC C:\Program Files\LibreOffice
2025-08-13 10:02 - 2024-09-15 23:05 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update
2025-08-13 10:02 - 2024-09-15 23:05 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2025-08-13 10:02 - 2024-09-15 23:04 - 000000000 ___DC C:\Program Files (x86)\K-Lite Codec Pack
2025-08-13 07:44 - 2022-06-14 12:41 - 000000000 ___DC C:\Windows\system32\MRT
2025-08-13 07:40 - 2022-06-14 12:41 - 223939376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-08-13 07:17 - 2019-12-07 11:15 - 000464392 ____C C:\Windows\system32\FNTCACHE.DAT
2025-08-13 01:33 - 2024-07-10 23:25 - 000000000 ___DC C:\Windows\system32\compatrel
2025-08-13 01:33 - 2019-12-07 16:47 - 000000000 ___DC C:\Program Files\Windows Defender Advanced Threat Protection
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 __RDC C:\Windows\ImmersiveControlPanel
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\oobe
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\migwiz
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\system32\appraiser
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ___DC C:\Windows\bcastdvr
2025-08-13 01:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2025-08-13 00:52 - 2019-12-07 11:03 - 000000000 ___DC C:\Windows\CbsTemp
2025-08-13 00:49 - 2022-06-14 12:26 - 003016192 ____C (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-08-12 16:00 - 2023-05-14 17:18 - 000000000 ___DC C:\Users\Fox\AppData\Local\calibre-cache
2025-08-12 15:44 - 2025-03-17 14:29 - 000001154 ____C C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2025-08-12 15:44 - 2025-03-17 14:29 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2025-08-12 15:44 - 2023-07-22 11:06 - 000000000 ___DC C:\Program Files\Calibre2
2025-08-12 15:27 - 2022-06-14 12:28 - 000000000 ___DC C:\Users\Fox
2025-08-02 13:26 - 2019-12-07 11:15 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-08-02 13:26 - 2019-12-07 11:15 - 000003514 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-07-31 21:03 - 2024-03-11 15:45 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton

==================== Files in the root of some directories ========

2024-05-27 14:51 - 2024-05-27 14:51 - 000000008 ___HC () C:\ProgramData\jit_41.dat
2024-05-27 14:52 - 2024-05-29 10:35 - 000000004 ___HC () C:\ProgramData\jrc_41.dat
2024-05-27 14:51 - 2024-05-27 14:51 - 000000128 ___HC () C:\ProgramData\jres-a.dat
2024-05-27 14:51 - 2024-05-27 14:51 - 000000128 ___HC () C:\ProgramData\jres-b.dat
2024-07-17 12:22 - 2024-07-17 12:22 - 000000068 ____C () C:\Users\Fox\AppData\Roaming\settings.conf
2024-10-22 21:52 - 2024-10-22 21:52 - 000000128 ____C () C:\Users\Fox\AppData\Local\PUTTY.RND
2024-04-28 17:14 - 2024-04-28 17:14 - 000001455 ____C () C:\Users\Fox\AppData\Local\recently-used.xbel
2022-06-19 17:30 - 2025-04-28 23:26 - 000007649 ____C () C:\Users\Fox\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by Fox (28-08-2025 15:35:32)
Running from C:\Users\Fox\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) (2022-06-14 10:25:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1220654465-1674008627-1598820287-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1220654465-1674008627-1598820287-503 - Limited - Disabled)
Fox (S-1-5-21-1220654465-1674008627-1598820287-1001 - Administrator - Enabled) => C:\Users\Fox
Guest (S-1-5-21-1220654465-1674008627-1598820287-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1220654465-1674008627-1598820287-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Active@ File Recovery 22 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 22 - LSoft Technologies Inc)
ADB AppControl version 1.8.6 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.6 - Cyber.Cat)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Any Video Converter Ultimate 7.1.6 (HKLM-x32\...\Any Video Converter_is1) (Version: 7.1.6 - lrepacks.net)
AnyMP4 Video Editor 1.0.32 (HKLM-x32\...\{D2650AAA-B8FF-43F5-A3E9-26141B69045E}_is1) (Version: 1.0.32 - AnyMP4 Studio)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.23.4 - Ashampoo GmbH & Co. KG)
Audacity 3.7.0 (HKLM\...\Audacity_is1) (Version: 3.7.0 - Audacity Team)
AutoHotkey 1.1.34.03 (HKLM\...\AutoHotkey) (Version: 1.1.34.03 - Lexikos)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Balíček ovladače systému Windows - Adafruit Industries LLC (usbser) Ports (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Balíček ovladače systému Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (11/24/2015 1.2.3.0) (HKLM\...\8B585560B248755A6C5A24D5C0F50FA998310883) (Version: 11/24/2015 1.2.3.0 - Arduino LLC (www.arduino.cc))
Balíček ovladače systému Windows - Arduino LLC (www.arduino.cc) Genuino USB Driver (01/07/2016 1.0.3.0) (HKLM\...\EC414D98E2986DCA1628FAED2163CD1C9A4ED7EC) (Version: 01/07/2016 1.0.3.0 - Arduino LLC (www.arduino.cc))
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Balíček ovladače systému Windows - libusb-win32 (libusb0) libusb-win32 devices (04/21/2015 1.0.0.0) (HKLM\...\28E91B69CA377EB48D6E1B92C37F897036E8A818) (Version: 04/21/2015 1.0.0.0 - libusb-win32)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa CW1 (02/13/2013 1.0.0.0) (HKLM\...\B10CCB939D59F72AA817B257D84328FC4A1DC752) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa i3 MK2 (02/13/2013 1.0.0.0) (HKLM\...\E6CFEF5357DD0E2F987E98779FD6603959DA391B) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Original Prusa i3 MK3 Multi Material 2.0 upgrade (02/13/2013 1.0.0.0) (HKLM\...\FA562E43945E7D9CAC76A811E49088FF2255A11A) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - Prusa Research s.r.o. Prusa i3 Plus MK3 3D printer (02/13/2013 1.0.0.0) (HKLM\...\890B56493F7CACBCA0E70EA8EBFD9A18BC780C34) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Balíček ovladače systému Windows - UltiMachine 3D Printer (RAMBo) (02/13/2013 1.0.0.0) (HKLM\...\D77EC126405DC217C7BF7DA6669B51E297D5CF23) (Version: 02/13/2013 1.0.0.0 - UltiMachine)
calibre 64bit (HKLM\...\{40304D89-3875-4F64-8826-5AFCFBF15A9E}) (Version: 8.8.0 - Kovid Goyal)
CesarFTP 0.99g (HKLM-x32\...\CesarFTP 0.99g_is1) (Version: - Alexandre Cesari)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
com.geonode.repocket_package (HKU\.DEFAULT\...\com.geonode.repocket_package) (Version: 1.5.3 - com.geonode.repocket_package)
Creality Slicer 4.8.2 (HKLM-x32\...\Creality Slicer 4.8.2) (Version: 4.8.2 - Creality Company)
CyberGhost TUN (HKLM\...\{677232D6-72D6-4821-8CB5-47969B15D4DF}) (Version: 1.0 - CyberGhost S.R.L.) Hidden
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS Data Recovery Wizard)
EaseUS Partition Master 12.10 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
ELAN Touchpad 15.13.9.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.9.1 - ELAN Microelectronic Corp.)
Eye Cloud 1.3.3.28 (HKLM-x32\...\{DE24BB52-3A46-4ED1-8E57-41E724F6BC74}_is1) (Version: - *)
FORM studio 2009 (HKLM-x32\...\FS6_is1) (Version: - KASTNER software s.r.o.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 11.2.2.53575 - Foxit Software Inc.)
FreeCAD 0.19.4 (HKLM\...\FreeCAD0194) (Version: 0.19.4 - FreeCAD Team)
Freemake Video Converter 4.1.13.153 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13.153 - LR)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.96 - Google LLC)
HD Video Converter Factory Pro 26.2 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 26.2 - WonderFox Soft, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{276C40A7-8110-4976-80D2-39C669B84D32}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
Icecream Screen Recorder verze 7.21 (HKLM-x32\...\{CE9603D0-2A7F-4B94-BF4D-BC4B1389888F}_is1) (Version: 7.21 - Icecream Apps)
Inkscape (HKLM\...\{2AB0D298-5B41-4C70-BB32-46F153F7A1BF}) (Version: 1.3.2 - Inkscape)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.42.23 - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 461 (HKLM-x32\...\{71124AE4-039E-4CA4-87B4-2F32180461F0}) (Version: 8.0.4610.11 - Oracle Corporation)
K-Lite Codec Pack 19.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 19.1.5 - KLCP)
Kodi (HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Kodi) (Version: 21.1.0.0 - XBMC Foundation)
LibreOffice 24.8.3.2 (HKLM\...\{D69038CE-B543-4B8A-931D-6D2078D94AE9}) (Version: 24.8.3.2 - The Document Foundation)
MainConcept MJPEG Codec Demo (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version: - )
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 10.9.246 - Autodesk, Inc.)
Microsoft .NET Host - 6.0.13 (x64) (HKLM\...\{9511601E-12FF-4972-BF9C-2992F2CA5A32}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.13 (x64) (HKLM\...\{8CDACE3C-0064-4A17-A02C-49F831D5F73A}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.13 (x64) (HKLM\...\{5F0DB006-2AE3-4D36-8077-65247FD687D4}) (Version: 48.55.52137 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.13 - Shared Framework (x64) (HKLM-x32\...\{373915e3-2fa6-41a5-80e3-49fe1115263d}) (Version: 6.0.13.22580 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.13 Shared Framework (x64) (HKLM\...\{A6500837-F3BE-357E-9A21-6A78D098659F}) (Version: 6.0.13.22580 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 139.0.3405.119 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 139.0.3405.119 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM\...\{8484730A-68A4-4C63-93B4-52628D3B488D}) (Version: 48.55.53270 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.13 (x64) (HKLM-x32\...\{96cf40b0-81d6-43ed-ad0e-611e67899196}) (Version: 6.0.13.32001 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 142.0.1 (x64 cs)) (Version: 142.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 103.0 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 128.11.0 (x64 cs)) (Version: 128.11.0 - Mozilla)
Node.js (HKLM\...\{FF820EDB-79A3-49B1-AFA0-7E2CD4090AA1}) (Version: 18.20.4 - Node.js Foundation) Hidden
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.80 - Nmap Project)
NVIDIA Ovladače grafiky 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
OpenSCAD (remove only) (HKLM\...\OpenSCAD) (Version: 2021.01 - The OpenSCAD Developers)
OrcaSlicer (HKLM-x32\...\OrcaSlicer) (Version: 2.0.0 - SoftFever)
Papa’s Best STL Thumbnails (HKLM\...\{FA081A17-A255-493A-BA50-386E7F25C11A}) (Version: 23.12.9 - Papa’s Best)
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 4.2.1 - Proton AG)
PrusaSlicer (HKLM\...\PrusaSlicer_is1) (Version: 2.9.2 - Prusa Research s.r.o.)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.4 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 5.3.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.3.2 - VS Revo Group, Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Speedtest by Ookla (HKLM\...\{49DC746F-BFC1-41CC-B5B1-AE3721829A3A}) (Version: 1.13.194.001 - Ookla)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
SysCute WinBootMate (HKLM-x32\...\SysCute WinBootMate_is1) (Version: 4.2.6 - SysCute WinBootMate)
TagScanner (64bit) (HKLM\...\TagScanner_is1) (Version: 6.1.17 - Sergey Serkov)
TagScanner 6.1.15 (32bit) (HKLM-x32\...\TagScanner 6.1.15 (32bit)_is1) (Version: 6.1.15 - Sergey Serkov)
Telegram Desktop (HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.0.2 - Telegram FZ-LLC)
Total Commander Ultima Prime 8.9 (HKLM-x32\...\TC UP) (Version: 8.9.2024.1 - TC UP Team)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UltiMaker Cura (HKLM\...\{E2B07A1D-D4DA-440F-8E0C-EB6B14924F0D}) (Version: 5.10.1 - UltiMaker)
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version: - )
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VidJuice UniTube version 6.9.9 (HKLM\...\VidJuice UniTube_is1) (Version: 6.9.9 - Mobee Technology Co., Limited)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
VSDC Free Video Converter version 2.4.7.339 (HKLM-x32\...\VSDC Free Video Converter_is1) (Version: 2.4.7.339 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Webshare klient (HKLM-x32\...\Webshare klient) (Version: - )
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
Wireshark 4.4.8 x64 (HKLM-x32\...\Wireshark) (Version: 4.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2025-04-20] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2025-05-31] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_160.1.1192.0_x64__v10z8vjag6ke6 [2025-07-12] (HP Inc.)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2025-07-28] (Ookla)
Virtual Piano -> C:\Program Files\WindowsApps\53716.VirtualPiano_4.0.0.4_x64__s67n2zjdheej8 [2025-04-20] (Παναγιώτης Παπαδημητρίου)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2532.3.0_x64__cv1g1gvanyjgm [2025-08-15] (WhatsApp Inc.) [Startup Task]
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.8.3.0_x64__gs5k5vmxr2ste [2025-08-26] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{27fecc36-4773-45b4-946f-d9b8d2985ec0}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{2E2F83C0-00D8-4504-B84A-31D6A29BFD80}\InprocServer32 -> C:\Users\Fox\AppData\Local\Programs\Papa’s Best\STL Thumbnails\Best STL Thumbnails x64.dll (Papa’s Best) [File not signed]
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v4.2.1\ProtonVPN.Client.exe (Proton AG -> ProtonVPN)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{9325E30F-982B-4322-AFD3-F5586D8AB128}\localserver32 -> C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\7.5.3735.64\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{b4175fb1-dff3-c216-a4be-a80de0dc90cf}\localserver32 -> "C:\Users\Fox\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{F2485C34-331C-4B39-A9BB-09C23D24C1E7}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Programy\TC UP\MEDIA\Programs\AIMP\System\aimp_menu64.dll [2022-03-27] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Programy\TC UP\LIB\TCUPShellExt.dll [2023-11-26] (TC UP Team) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Programy\TC UP\MEDIA\Programs\AIMP\System\aimp_menu64.dll [2022-03-27] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4-x32: [DiskInternals_cd_recovery] -> {6DD33479-D4D0-4666-93C8-F6DC46668518} => C:\PROGRA~2\DISKIN~1\CDANDD~1\contmenu.dll -> No File
ContextMenuHandlers4-x32: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Programy\TC UP\LIB\TCUPShellExt.dll [2023-11-26] (TC UP Team) [File not signed]
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Programy\Vypalování-kopírování\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.mjpg] => C:\Windows\SysWOW64\mcmjpg32.dll [122880 2003-10-28] (MainConcept) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-09-18 16:16 - 2024-09-06 14:05 - 000946688 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.dll
2024-09-18 16:16 - 2024-09-12 12:40 - 006908928 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sx.dll
2024-09-18 16:16 - 2024-08-26 14:44 - 004352000 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvc.dll
2024-09-18 16:16 - 2024-08-14 13:42 - 001041408 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\earn_sdk_32.dll
2024-10-03 18:16 - 2024-11-22 17:34 - 000349696 _____ () [File not signed] C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\sdk.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2024-05-27 14:17 - 2011-05-04 15:53 - 000373248 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\PNotes\libhunspell.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2022-12-29 23:16 - 2021-06-19 02:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2022-12-29 23:16 - 2018-11-22 17:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2022-12-29 23:16 - 2018-11-22 17:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.cmd: => <==== ATTENTION

==================== Internet Explorer (Whitelisted) =============

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\ssv.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_461\bin\jp2ssv.dll [2025-06-27] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.

IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\123simsen.com -> www.123simsen.com

There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2025-08-28 12:34 - 000000828 ____C C:\Windows\system32\drivers\etc\hosts

2022-10-08 10:51 - 2022-10-08 21:27 - 000000517 ____C C:\Windows\system32\drivers\etc\hosts.ics

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1
Windows Firewall is enabled.

Network Binding:
=============
FreedomeVPNConnection: Freedome Wintun Userspace Tunnel -> fsfreedomewintun.sys
Wi-Fi: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC -> rtwlane_13.sys
Ethernet: Killer E2200 Gigabit Ethernet Controller -> e2xw10x64.sys

INSECURE_NPCAP: Npcap Packet Driver (NPCAP)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Smart Projects\IsoBuster;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\Fox\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\Program Files\dotnet\;C:\Program Files\nodejs\;C:\Program Files\Calibre2\
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Fox\Pictures\Wallpaper\Leopard_wallpap.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ ‍   .scr
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\Cortana
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\[FTUApps.com] - F-Secure Freedome VPN v2.71.176.0 Multilingual RePack\F-Secure Freedome VPN 2.71.176.0 RePack by KpoJIuK\F-Secure.Freedome.VPN.v2.71.176.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Any Video Converter Ultimate 7.1.6 Repack.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Freemake Video Converter Gold 4.1.13.153 Repack.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\2. Patch x64.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\2. Patch x86.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\EaseUS_Data_Recovery_Wizard_Technician_15.2.0_Multilingual\EaseUS Data Recovery Wizard Technician 15.2.0 Multilingual\Crack\3. Activator.exe.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Auto\ScanMaster v2.1.771\ScanMaster v2.1.771.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\AVIJOINER+CRK+CZ\digitbytestudioavijoinerv1.0keygeneclipse.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\BB FlashBack\keygen.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Video\WinAviVideoConverter+VobSub\WinAVIVideoConverterCRK.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Patch.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Ashampoo Burning Studio 24.0 Multilingual.rar
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\Downloads\Bitcomet\Autodesk EAGLE Premium 9.6.2.Full\Autodesk_EAGLE_9.6.2_English_Win_64bit.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\$RECYCLE.BIN\S-1-5-21-1220654465-1674008627-1598820287-1001\$RMZRY3P.zip
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths|\\?\D:\111 BORDEL\! ČUM\Bypass Windows Password_Ver_2019_04_01d.7z


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Freemake Improver => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_52F3496649232767C0EC3A6D2BD25D22"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "Agent Tray"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_09734546AAC0F6B0AFC7F868BD21179D"
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\StartupApproved\Run: => "YandexBrowserAutoLaunch_4D6BAD7FC36E9DC2DA85D6DCCA57BCF5"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{85D2244A-C85C-4855-A2D0-B70820043E49}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{D71E3596-D260-4A5B-B7D8-00779B00DA71}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{A2A48DFA-C0E7-4CAD-8F13-1A5859DA08DB}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{10FE99F8-8A6C-4906-A808-C5EF279F3C3D}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5917B2FC-F6AF-47A5-B592-EC88C2A38B1A}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{7C235E8B-1DF0-4E1D-9308-A40D6FECFCB3}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{1BE9E6D3-AA95-4011-A452-BF2CE357C382}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{F373A20E-E92E-4E75-A73F-838CBE1AB42D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{84B80410-CABE-4E5B-939C-BEF7A3EBD5E6}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{FB8B4D0B-7D9E-4FB1-B8DE-2C38DA23D31D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [TCP Query User{4FBD6F91-00B4-44C3-AF46-C2401D6AC6B6}C:\programy\tc up\totalcmd.exe] => (Allow) C:\programy\tc up\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{C2FE6302-E845-4381-9A88-954435507CF8}C:\programy\tc up\totalcmd.exe] => (Allow) C:\programy\tc up\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{0C0D7342-74B4-4039-A777-18014B7AAA6E}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{DBB06905-3684-430B-882D-5477BC00FAB6}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{8372E379-E551-4B6C-B9FE-AC9EA8A73DA4}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{F1E30A47-98C7-4544-98DB-A941486E8810}] => (Allow) C:\Programy\Video-Tv\simpleTV (x64 vlc3016)\tv.exe (VSG) [File not signed]
FirewallRules: [{EFC76650-5D14-48AF-BB01-5DCBB518B1AF}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{654AFA0C-0612-4EF9-B382-8710FF68E199}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5D7867C6-2669-4497-AB02-BF1AEBE19B30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E42429EA-0CD1-4F05-860B-AC0BE6035F62}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF825983-3225-4A9C-A903-85F31C361D7B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8043DDEE-1C36-4D0F-9372-70AB4B2A4FBE}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{368042EB-E179-4397-BB8B-A5200815F804}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [{FA684627-4579-44F1-A4BB-A6D5AAE94B0F}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{357B5088-EFC4-4E79-9C40-615BB51B8EBE}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{1F955F67-6AB5-49E8-ACD1-2990F7995F1B}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{AB9838DE-F129-4929-8708-36645582CC38}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [TCP Query User{FC365856-4156-4812-A116-1B0903C974CA}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B1691DA0-9820-4C22-B0F1-843B5CAB4A62}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{8AEC5D1F-A7AE-4EB4-8C63-6840D9B7451E}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe () [File not signed]
FirewallRules: [UDP Query User{AD2E1B54-47DA-469E-A5AC-C49A73F1CE51}C:\program files (x86)\eye cloud\superipcam.exe] => (Allow) C:\program files (x86)\eye cloud\superipcam.exe () [File not signed]
FirewallRules: [TCP Query User{B85749E0-3F5B-4DD1-A925-0A45322C7D57}C:\programy\tc up\media\tools\hfs\hfs.exe] => (Allow) C:\programy\tc up\media\tools\hfs\hfs.exe (rejetto) [File not signed]
FirewallRules: [UDP Query User{443D3914-1CAF-4A71-B221-67018B0276F0}C:\programy\tc up\media\tools\hfs\hfs.exe] => (Allow) C:\programy\tc up\media\tools\hfs\hfs.exe (rejetto) [File not signed]
FirewallRules: [TCP Query User{6BC9D510-2CAC-4E67-ABDA-E382AD2DE965}C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{688D87BB-0AF5-4CD9-95AC-68A8DC76B8CE}C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\programy\tc up\media\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{CFB0073B-E086-494F-BB4D-2F2D2835358A}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [UDP Query User{872E9076-EC5A-46D5-95FA-5A5915ADE7AE}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [{9A2ABD6E-0C9F-469B-8376-AB6E895B662B}] => (Allow) LPort=8090
FirewallRules: [{31E6622F-CF28-4EDC-B77F-809E6440E053}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [TCP Query User{92343596-856B-48D8-AAC2-2FF0E22028DB}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [UDP Query User{23335467-A1F4-4ADE-B4F7-17BF1ACE0BB4}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [{B7B18275-0D77-4794-98FF-79612D1971C6}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [{01F6B7BD-3C89-4183-A49B-4AA1917DCB4F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{03EB61DC-01D6-475C-988A-678258F24DE7}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\VideoConverter.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{6D7478FE-4FC3-4CB2-86F9-64ADB2ECCB17}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{7CA69612-6762-4E15-A8C6-040FDB6C359F}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoConverter\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [TCP Query User{A79C06FE-267F-414A-874B-F169051A9CA6}C:\programy\3d\creality slicer\crealityslicer.exe] => (Allow) C:\programy\3d\creality slicer\crealityslicer.exe () [File not signed]
FirewallRules: [UDP Query User{7569DBFD-CAF0-4EA6-B6CB-58357C35B2AD}C:\programy\3d\creality slicer\crealityslicer.exe] => (Allow) C:\programy\3d\creality slicer\crealityslicer.exe () [File not signed]
FirewallRules: [TCP Query User{047B58BE-C112-4BCD-879D-1E770839F316}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D900DDBB-B0A0-4E3D-9EFA-6A9DFBA02C01}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{8E674C59-0530-47F7-ACD8-E7205DCA7980}C:\programy\tc up\totalcmd64.exe] => (Allow) C:\programy\tc up\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{35450AD6-F55B-46C0-9288-24BC35876D47}C:\programy\tc up\totalcmd64.exe] => (Allow) C:\programy\tc up\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{7F8F5B19-13C3-4B81-9363-198707928664}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [UDP Query User{0EF7CA1C-C0C1-44D3-A07D-958BB07B97AE}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [{094DAC17-B4EE-40AA-92C0-6A465F01F4AF}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{8F77E11A-6F4B-4AA5-83D4-44A334704C90}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{1BFB21ED-7EC2-40F3-B435-3A42B9D62D4C}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{925548BA-6F69-416A-9456-F95D6312A5E0}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{C12E708B-F01A-4370-9FFA-B49A3B98F8DB}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [UDP Query User{500E6930-D264-42E7-B464-4CD37CCE5E1A}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [{174DF89B-227B-4009-B506-EF3CB2B349BA}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{7E83C82F-7860-4231-B942-4C65DC0EC392}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{8CF434AA-DB10-421A-9252-CEC51D814B04}C:\program files (x86)\cesarftp\server.exe] => (Allow) C:\program files (x86)\cesarftp\server.exe () [File not signed]
FirewallRules: [UDP Query User{C3091409-0F6E-4012-A267-AA0FC08DF4E4}C:\program files (x86)\cesarftp\server.exe] => (Allow) C:\program files (x86)\cesarftp\server.exe () [File not signed]
FirewallRules: [{EB1802F7-1036-4579-8B0C-78D244B9C4B1}] => (Allow) C:\Users\Fox\AppData\Local\Temp\_tc\KonBootInstaller.exe => No File
FirewallRules: [TCP Query User{BC84691B-C6C5-48A9-8F18-0161A4015BA5}C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe] => (Allow) C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe (Mobee Technology Co., Limited -> Mobee Technology Co., Limited)
FirewallRules: [UDP Query User{97B4DE73-A9BD-403E-9FD2-5E6B71A64EB8}C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe] => (Allow) C:\program files\vidjuice\vidjuice unitube\vidjuice unitube.exe (Mobee Technology Co., Limited -> Mobee Technology Co., Limited)
FirewallRules: [{CB34375A-6D06-4656-84B8-0D6A56F36BA9}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [TCP Query User{B58B80FF-7EB6-44CD-9F6A-ED0D708B2029}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8FA8DC1D-CA2D-44C8-AAAB-287048D6181D}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{043681AF-06DF-4083-ACF0-DCE59F99F074}] => (Allow) C:\Users\Fox\Desktop\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe => No File
FirewallRules: [{930F435F-BE96-4579-8DF3-1306294060D8}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{9af505ec-2aa1-4542-bed3-1b6d690d3910}] => (Allow) C:\ProgramData\Microsoft\Windows\Tools\AI\bgm.exe => No File
FirewallRules: [TCP Query User{DE4E3616-BF42-4F17-83D8-131621D9C1B6}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{4A504044-51DE-47A3-91B0-AB16CF1813F4}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [{06E2B2D2-2055-49B5-BA79-E21982D2B464}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{941EB4AD-239D-4421-87D9-645867D9BBE8}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\MirandaNG\Miranda32.exe (Miranda NG team) [File not signed]
FirewallRules: [{735967B9-0C04-4F2D-8C36-DA508CD6D4FE}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{17A0F0C3-CC94-4852-9A40-37D48036D75A}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{30FEEF94-69E7-4B93-8FCD-449D12B91F0D}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A49FA409-622E-4BEB-9487-C7E6EB3FCF12}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{273D766E-3B82-43E8-9C22-3A76F40A8711}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{7161B14C-E44C-4E0A-BE57-3CC44550CE25}] => (Allow) C:\Programy\TC UP\MEDIA\Programs\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{A5AF7177-572C-4D2A-A26A-66F13E4D90D4}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{0C91F4B4-F1A7-49D6-96B6-E3344356EF05}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{5CCD8D1E-312D-443C-814A-9EA864D03D85}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{27B746EF-EAF9-43B5-9E1D-E398B1968EC3}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [{B1847561-2796-4A95-9D68-3BC8F64E7BE7}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [TCP Query User{D57B75DF-B6AC-4DF6-AFB9-A7E981F23D28}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E0FF83B8-BAD4-4899-81D7-5FEF928AF6B6}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [TCP Query User{5E7FCC69-8450-4A1E-9A5E-9B5683D3A44D}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{0A4AD823-EDB3-4A83-A9A0-BF26C344795F}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{2C7FE82C-C699-4C2A-9042-E4624F2E2EAB}C:\adbappcontrol-1.8.6\adb\adb.exe] => (Allow) C:\adbappcontrol-1.8.6\adb\adb.exe (Google LLC -> )
FirewallRules: [UDP Query User{10E44A52-2737-4A3D-A256-3883C7439B20}C:\adbappcontrol-1.8.6\adb\adb.exe] => (Allow) C:\adbappcontrol-1.8.6\adb\adb.exe (Google LLC -> )
FirewallRules: [TCP Query User{58B24015-C8F0-497E-BB59-D53413A32CD5}C:\adb_appcontrol\adb\adb.exe] => (Allow) C:\adb_appcontrol\adb\adb.exe (Google LLC -> )
FirewallRules: [UDP Query User{6A1ADF69-0233-4547-9905-A7067F00E9C3}C:\adb_appcontrol\adb\adb.exe] => (Allow) C:\adb_appcontrol\adb\adb.exe (Google LLC -> )
FirewallRules: [{BEAE675C-EF77-4E2D-8C9E-AEE2FC58A7B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{51E5A682-A9FA-4A3C-AAB8-95BD7A04B204}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{7247441C-F1C0-4A9E-B94E-9A46E308578F}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{CB5C981B-4464-46DB-AB07-2F2CBCD9486E}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC0B785E-556A-4D17-9AC3-B05F7AFE21E3}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
FirewallRules: [{B79FEC59-B287-4D2E-A7C2-E1225DA1C961}] => (Allow) C:\Programy\Video-Tv\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
FirewallRules: [{7E72EEA9-3EA4-42B5-BB6B-541799FCDDFD}] => (Allow) C:\Programy\3D\UltiMaker Cura\UltiMaker-Cura.exe (Ultimaker B.V. -> )
FirewallRules: [{E0C8E67D-148D-4600-BC95-56E423470644}] => (Allow) C:\Programy\3D\UltiMaker Cura\CuraEngine.exe (Ultimaker B.V. -> Ultimaker BV.)
FirewallRules: [TCP Query User{32F157FE-6D3B-4430-ABE3-6A99E6B3D1D4}C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe
FirewallRules: [UDP Query User{6A7C4DCE-B1C2-431B-AF19-561118036246}C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_461\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

28-08-2025 10:54:01 Revo Uninstaller Pro's restore point - Malwarebytes version 5.3.7.209

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/28/2025 03:33:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 21.8.2025.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 146c

Čas spuštění: 01dc182025644f40

Čas ukončení: 21

Cesta k aplikaci: C:\Users\Fox\Desktop\FRST64.exe

ID hlášení: 3345e120-0305-478f-ba4d-22558050f5b5

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (08/28/2025 12:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HiJackThis.exe, verze: 2.9.0.26, časové razítko: 0x5b7e5787
Název chybujícího modulu: MSVBVM60.DLL, verze: 6.0.98.48, časové razítko: 0x5ea8e7bc
Kód výjimky: 0xc0000005
Posun chyby: 0x00031f42
ID chybujícího procesu: 0x2494
Čas spuštění chybující aplikace: 0x01dc18075b9ed334
Cesta k chybující aplikaci: C:\Users\Fox\Desktop\HiJackThis.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\MSVBVM60.DLL
ID zprávy: 4126d943-4c90-4689-8c02-82201b921eca
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/28/2025 12:34:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HiJackThis.exe, verze: 2.9.0.26, časové razítko: 0x5b7e5787
Název chybujícího modulu: HiJackThis.exe, verze: 2.9.0.26, časové razítko: 0x5b7e5787
Kód výjimky: 0xc00001a5
Posun chyby: 0x00006ab0
ID chybujícího procesu: 0x2494
Čas spuštění chybující aplikace: 0x01dc18075b9ed334
Cesta k chybující aplikaci: C:\Users\Fox\Desktop\HiJackThis.exe
Cesta k chybujícímu modulu: C:\Users\Fox\Desktop\HiJackThis.exe
ID zprávy: 51fd4027-a1e9-4239-bc41-a3d14b674787
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/28/2025 10:55:08 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (08/28/2025 10:53:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {a7c71db1-b298-45f9-8531-e3b43596d988}

Error: (08/27/2025 04:44:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/27/2025 04:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: nnsvc.exe, verze: 0.0.0.0, časové razítko: 0x66db3af2
Název chybujícího modulu: nnsvc.dll, verze: 0.0.0.0, časové razítko: 0x66cf5f2a
Kód výjimky: 0xc0000409
Posun chyby: 0x0009192e
ID chybujícího procesu: 0xa00
Čas spuštění chybující aplikace: 0x01dc174c5d6d31ee
Cesta k chybující aplikaci: C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe
Cesta k chybujícímu modulu: C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.dll
ID zprávy: c9715507-a941-4cd2-95ca-35adff1756e9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/27/2025 03:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Repocket.exe, verze: 1.0.0.0, časové razítko: 0x6720f3fa
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x053944c7
ID chybujícího procesu: 0x2f60
Čas spuštění chybující aplikace: 0x01dc17568b44efe7
Cesta k chybující aplikaci: C:\Windows\Copilot\current\Repocket.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3b8eaeb4-63ae-4a5c-97ed-dabae3caccfa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (08/28/2025 03:33:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/28/2025 01:24:50 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/28/2025 01:24:50 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/28/2025 01:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (08/28/2025 01:21:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (08/28/2025 01:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Agent neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/28/2025 01:19:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/28/2025 01:19:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\VD_FileDisk.SYS


Windows Defender:
================
Date: 2025-08-28 09:00:19
Description:
Antivirová ochrana v programu Microsoft Defender ŝĉàʼn нåš ъè℮η śţőррзð веƒσге ćóмрľ℮ŧĭσň.%и %ťŚĉăй ĪÐ:%в{5F36607A-545E-4103-B14D-D75587A84B5A}%ʼn %тŜċàή Τỳφέ:%ьAntimalwarový program%ň %ŧЅĉăп Рàřáméŧėяѕ:%ъÚplné prohledávání%ή %ŧЦŝèя:%ъDESKTOP-9B6JPPE\Fox%ʼn %тŞтøр Ŕęаśòή:%ь∆вôŕŧěð ъў ŧĥέ сŀίέⁿŧ

Date: 2025-08-27 17:01:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.AB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip; file:_D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip->SlysoftCloneDVD2Keygen.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Adware:Win32/Adrepack
Závažnost: Vysoké
Kategorie: Software placený zobrazováním reklamy
Cesta: file:_D:\Downloads\Bitcomet\[FTUApps.com] - F-Secure Freedome VPN v2.71.176.0 Multilingual RePack\F-Secure Freedome VPN 2.71.176.0 RePack by KpoJIuK\F-Secure.Freedome.VPN.v2.71.176.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Trickbot
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z; file:_D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z->v1 patch.7z->tagrename-3.9.x-patch.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4

Date: 2025-08-27 17:01:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:MSIL/Heracles.ARA!MTB
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: containerfile:_D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip; file:_D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip->EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix/Setup/setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.435.418.0, AS: 1.435.418.0, NIS: 1.435.418.0
Verze modulu: AM: 1.1.25070.4, NIS: 1.1.25070.4
Event[0]:

Date: 2025-08-28 09:01:31
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o obnovení položky z karantény.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/crack
Závažnost: Vysoké
Kategorie: Nástroj
Uživatel: DESKTOP-9B6JPPE\Fox
Kód chyby: 0x80508014
Popis chyby: Položku v karanténě nelze obnovit.
Verze bezpečnostních informací: AV: 1.435.437.0, AS: 1.435.437.0
Verze modulu: 1.1.25070.4

Date: 2025-06-18 11:36:04
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-12-10 10:26:31
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-11-14 17:32:54
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Monitorování chování
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Ovladač filtru vyžaduje ke správnému fungování aktuální modul. Pokud chcete povolit ochranu v reálném čase, je nutné nainstalovat nejnovější aktualizace bezpečnostních informací.

Date: 2024-10-17 09:41:14
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.547.0
Předchozí verze bezpečnostních informací: 1.419.417.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80004004
Popis chyby: Operace přerušena

CodeIntegrity:
===============
Date: 2025-08-28 13:19:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-08-28 10:55:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-08-28 10:55:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2025-08-28 10:55:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E16GCIMS.216 11/15/2013
Motherboard: Micro-Star International Co., Ltd. MS-16GC
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16304.02 MB
Available physical RAM: 12907.09 MB
Total Virtual: 17328.02 MB
Available Virtual: 14056.64 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:111.18 GB) (Free:28.4 GB) (Model: KINGSTON SMS200S3120G) NTFS
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:266.29 GB) (Model: TOSHIBA MQ01ABF050) NTFS

\\?\Volume{541abc26-796e-473c-96dd-49b855f83705}\ () (Fixed) (Total:0.5 GB) (Free:0.48 GB) NTFS
\\?\Volume{0b53f683-334c-4854-8082-363a61caf971}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5F5AC42E)

Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 96FA0516)

Partition: GPT.

==================== End of Addition.txt =======================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-06-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\...\Run: [Agent Tray] => C:\Program Files\Agent\AgentTray.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {40365F9E-39B1-4773-8D7D-4B559A2DC8F5} - System32\Tasks\Microsoft\Office\Copilot Optimization => C:\ProgramData\Microsoft\Windows\Tools\OfficeAI\aisvchost.exe [13312 2024-11-22] () [File not signed] <==== ATTENTION
Task: {DBCFB613-D6CA-4901-BAED-E630AB0AAE3F} - System32\Tasks\Microsoft\Windows\Copilot\Copilot Update => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [455680 2024-02-14] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass C:\Windows\Copilot\update.ps1 <==== ATTENTION
Task: {7BDA8E1D-7654-4359-9DC1-B02842648DB0} - System32\Tasks\Microsoft\Windows\Defrag\Defrag Engine => C:\ProgramData\Microsoft\Windows\Tools\{b2cbd99e-3b5c-4c90-ae82-365bb56722cc}\desvchost.exe [27320 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {DF909F1D-E9CE-4792-8147-B249DB5003BF} - System32\Tasks\Microsoft\Windows\Defrag\Fragmentation Manager => C:\ProgramData\Microsoft\Windows\Tools\{85c559a7-e331-49d6-a96a-73f1be4e7e30}\fm.exe (No File) <==== ATTENTION
Task: {0685E0C6-CCD8-49DA-B87E-A4C60C7C80B1} - System32\Tasks\Microsoft\Windows\Experimental\Experimental Host => C:\ProgramData\Microsoft\Windows\Tools\{b77d01b7-e05f-445d-8363-897f3fe182d0}\sdkhost.exe [22200 2024-09-02] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {81B7F7D4-5A90-47C6-89D7-EFAD3B5EDA4C} - System32\Tasks\Microsoft\Windows\NetTrace\Net Neutrality Service => C:\ProgramData\Microsoft\Windows\Tools\{181e11ad-596a-4b9c-b600-03d18e7129e4}\nnsvc.exe [22712 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
Task: {F23FAFB3-E33E-456B-86B6-7F3026683A95} - System32\Tasks\Microsoft\Windows\OneDrive\OneDrive Sync => C:\Program Files\nodejs\node.exe [69763224 2024-07-08] (OpenJS Foundation -> Node.js) -> C:\Windows\OneDrive\onedrivesync.js <==== ATTENTION
Task: {E7A9449E-A008-4B5B-A662-EF32F8D8832A} - System32\Tasks\Microsoft\Windows\Remote Assistant Host => C:\ProgramData\Microsoft\Windows\Tools\{3a40afdb-daa7-4812-8494-a3e3075ff2c9}\rasvc.exe (No File) <==== ATTENTION
Task: {A929B2D1-1CAF-483E-B8CA-C13E1D28A9DE} - System32\Tasks\Microsoft\Windows\SyncCenter\SyncX SDK => C:\ProgramData\Microsoft\Windows\Tools\{2c8cdec6-997a-44ff-9271-c0877b2f688a}\sxhost.exe [24248 2024-09-14] (KUCHIKU LTD -> ) <==== ATTENTION
S3 HWiNFO_204; \??\C:\Users\Fox\AppData\Local\Temp\HWiNFO_x64_204.sys [X] <==== ATTENTION
U4 npcap_wifi; no ImagePath
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{b4175fb1-dff3-c216-a4be-a80de0dc90cf}\localserver32 -> "C:\Users\Fox\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1220654465-1674008627-1598820287-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
ContextMenuHandlers4-x32: [DiskInternals_cd_recovery] -> {6DD33479-D4D0-4666-93C8-F6DC46668518} => C:\PROGRA~2\DISKIN~1\CDANDD~1\contmenu.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-1220654465-1674008627-1598820287-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{1BE9E6D3-AA95-4011-A452-BF2CE357C382}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{F373A20E-E92E-4E75-A73F-838CBE1AB42D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{84B80410-CABE-4E5B-939C-BEF7A3EBD5E6}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [{FB8B4D0B-7D9E-4FB1-B8DE-2C38DA23D31D}] => (Allow) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe => No File
FirewallRules: [TCP Query User{8043DDEE-1C36-4D0F-9372-70AB4B2A4FBE}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{368042EB-E179-4397-BB8B-A5200815F804}D:\games\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\games\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [{FA684627-4579-44F1-A4BB-A6D5AAE94B0F}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{357B5088-EFC4-4E79-9C40-615BB51B8EBE}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{1F955F67-6AB5-49E8-ACD1-2990F7995F1B}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [{AB9838DE-F129-4929-8708-36645582CC38}] => (Allow) D:\Games\BOBB.exe => No File
FirewallRules: [TCP Query User{FC365856-4156-4812-A116-1B0903C974CA}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B1691DA0-9820-4C22-B0F1-843B5CAB4A62}D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe] => (Allow) D:\downloads\bitcomet\black.one.blood.brothers.university.early.access\black one blood brothers\bobb\binaries\win64\bobb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CFB0073B-E086-494F-BB4D-2F2D2835358A}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [UDP Query User{872E9076-EC5A-46D5-95FA-5A5915ADE7AE}C:\users\fox\appdata\local\temp\_tc\setup.exe] => (Allow) C:\users\fox\appdata\local\temp\_tc\setup.exe => No File
FirewallRules: [{31E6622F-CF28-4EDC-B77F-809E6440E053}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [TCP Query User{92343596-856B-48D8-AAC2-2FF0E22028DB}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [UDP Query User{23335467-A1F4-4ADE-B4F7-17BF1ACE0BB4}C:\program files\agent\agenttray.exe] => (Allow) C:\program files\agent\agenttray.exe => No File
FirewallRules: [{B7B18275-0D77-4794-98FF-79612D1971C6}] => (Allow) C:\Program Files\Agent\Agent.exe => No File
FirewallRules: [TCP Query User{7F8F5B19-13C3-4B81-9363-198707928664}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [UDP Query User{0EF7CA1C-C0C1-44D3-A07D-958BB07B97AE}C:\users\fox\desktop\active\netfabb.exe] => (Allow) C:\users\fox\desktop\active\netfabb.exe => No File
FirewallRules: [TCP Query User{C12E708B-F01A-4370-9FFA-B49A3B98F8DB}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [UDP Query User{500E6930-D264-42E7-B464-4CD37CCE5E1A}E:\start.exe] => (Allow) E:\start.exe => No File
FirewallRules: [TCP Query User{B58B80FF-7EB6-44CD-9F6A-ED0D708B2029}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8FA8DC1D-CA2D-44C8-AAAB-287048D6181D}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{043681AF-06DF-4083-ACF0-DCE59F99F074}] => (Allow) C:\Users\Fox\Desktop\EaseUS.Fixo.Technician.2.0.8_20240902.Portable.KaranPC\App\EaseUS Fixo\Fixo.exe => No File
FirewallRules: [{9af505ec-2aa1-4542-bed3-1b6d690d3910}] => (Allow) C:\ProgramData\Microsoft\Windows\Tools\AI\bgm.exe => No File
FirewallRules: [TCP Query User{5CCD8D1E-312D-443C-814A-9EA864D03D85}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [UDP Query User{27B746EF-EAF9-43B5-9E1D-E398B1968EC3}D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) D:\games\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{D57B75DF-B6AC-4DF6-AFB9-A7E981F23D28}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E0FF83B8-BAD4-4899-81D7-5FEF928AF6B6}C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_441\bin\javaw.exe => No File
FirewallRules: [TCP Query User{5E7FCC69-8450-4A1E-9A5E-9B5683D3A44D}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{0A4AD823-EDB3-4A83-A9A0-BF26C344795F}C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.9.1\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{51E5A682-A9FA-4A3C-AAB8-95BD7A04B204}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [UDP Query User{7247441C-F1C0-4A9E-B94E-9A46E308578F}C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe] => (Allow) C:\programy\3d\ultimaker cura\ultimaker cura 5.10.0\ultimaker-cura.exe => No File
FirewallRules: [TCP Query User{CB5C981B-4464-46DB-AB07-2F2CBCD9486E}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC0B785E-556A-4D17-9AC3-B05F7AFE21E3}C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_451\bin\javaw.exe => No File
D:\ipacket\Vypálit\Vypalování+Kopírování\CloneDVD 2.8.5.1\Keygen.zip
D:\Downloads\Bitcomet\[FTUApps.com] - F-Secure Freedome VPN v2.71.176.0 Multilingual RePack\F-Secure Freedome VPN 2.71.176.0 RePack by KpoJIuK\F-Secure.Freedome.VPN.v2.71.176.exe
D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z; file:_D:\Downloads\Bitcomet\Tag&Rename v3.9.15.7z->v1 patch.7z->tagrename-3.9.x-patch.exe
D:\Downloads\Bitcomet\EaseUS Data Recovery Wizard Technician v16.0.0.0 Build 20230328 + Fix.zip

EmptyTemp:
Hosts:

End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[foxy]

Raději teď jako *.rar. Ztrácím se.

Fixlog.rar

(4.89 KiB) Staženo 5 x

[Rudy]

Bylo smazáno. Nastala nějaká změna?

[foxy]

"Mailmon" u poskytovatele mlčí, stejně tak "Viroměr."
Stařičký ntb MSI z roku snad 2014, říká se darovanýmu koni..., ale měl jsem. Měl jsem předělat systém, jenže jsem měl obavy o ovladače. Takže teď to vypadá O.K.
Díky moc, já jdu rozbít prasátko a přispět

[Rudy]

Ovladače by měly jít stáhnout z webu. Jsem rád, že je to vyřešené. Za příspěvek děkujeme a vy nemáte zač!