Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2022 01
Ran by U50457 (14-04-2022 05:47:48)
Running from C:\Users\U50457\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1620 (X64) (2020-10-26 12:32:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3169971691-1478504625-2396636365-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3169971691-1478504625-2396636365-503 - Limited - Disabled)
Guest (S-1-5-21-3169971691-1478504625-2396636365-501 - Limited - Disabled)
OEM (S-1-5-21-3169971691-1478504625-2396636365-1001 - Limited - Disabled) => C:\Users\OEM
WDAGUtilityAccount (S-1-5-21-3169971691-1478504625-2396636365-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {FC90FA28-5CE6-9068-FC99-1C67339C0047}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection (Enabled) {C4AB7B0D-1689-9130-D7C6-B552CD4F473C}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
Altap Salamander 4.0 (x64) (HKLM\...\Altap Salamander 4.0 (x64)) (Version: 4.0 - ALTAP)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{ebb135fb-d587-4f7a-8c91-eca79031d792}) (Version: 21.30.2 - Intel Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.92 - Piriform)
CrystalDiskInfo 8.16.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.16.1 - Crystal Dew World)
Docházka (HKLM-x32\...\{30D67C8D-244A-4A83-90B4-AF541FD8A551}) (Version: 1.0.0 - Třinecké železárny, a. s.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Check Point Identity Agent (HKLM-x32\...\{4BF5B7F6-938A-419A-AA82-6F56F1B798B9}) (Version: 81.023.0000 - Check Point Software Technologies Ltd.)
IBM Notes 9.0.1 Social Edition cs (HKLM-x32\...\{13496F6E-C212-492E-9DA4-C2EB4FBA6B44}) (Version: 9.01.14049 - IBM)
Intel(R) Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2024.14.0.1655 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{15998D77-1F78-43EE-96D4-1067ECAA2412}) (Version: 3.5.2247 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{69bc85f1-55f9-44f2-b5df-3840fe07854c}) (Version: 1.61.251.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001050-0200-1029-84C8-B8D95FA3C8C3}) (Version: 20.50.1 - Intel Corporation)
Intel® Online Connect (HKLM-x32\...\{6b556278-d555-4d14-ac99-8ad600578a95}) (Version: 1.3.13.0 - Intel Corporation)
KONICA MINOLTA C360i_C4050i_C4000i_C3320iSeries (HKLM\...\KONICA MINOLTA C360i_C4050i_C4000i_C3320iSeries Installer) (Version: - KONICA MINOLTA)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.23 - Lenovo) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.11.20.0 - Lenovo Group Ltd.)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\{F6E9C8FB-A147-3917-8574-0400B16CB647}) (Version: 100.0.1185.39 - Microsoft Corporation)
Microsoft Office 2016 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3169971691-1478504625-2396636365-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 99.0.1 (x64 cs)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.2 - Mozilla)
Mp3tag v3.14 (HKLM-x32\...\Mp3tag) (Version: 3.14 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
SAP GUI for Windows 7.40 (Patch 13) (HKLM-x32\...\SAPGUI) (Version: 7.40 Compilation 3 - SAP SE)
Symantec Endpoint Protection (HKLM\...\{EDA35EBE-E7E4-42E2-9B20-E3A68DE9B0D0}) (Version: 14.3.5413.3000 - Broadcom)
Thunderbolt™ Software (HKLM-x32\...\{1AA93FF8-C685-4E00-8682-7F2E5D8E8689}) (Version: 17.4.80.550 - Intel Corporation)
TightVNC (HKLM\...\{DEE0B752-52D8-4615-9BEE-1EDA46628960}) (Version: 2.8.8.0 - GlavSoft LLC.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
WALTR HEIC Converter version 1.1.4 (HKLM\...\{E312C002-A6C4-5F1E-2BF2-3F6348653080}_is1) (Version: 1.1.4 - Softorino, Inc.)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-03-30] (Microsoft Corporation)
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_2.0.0.3_neutral__s63fsn2sety0r [2021-07-01] (KONICA MINOLTA INC)
Mapy.cz -> C:\Program Files\WindowsApps\949FFEAB.Mapy.cz_8.1.1.0_x64__refxrrjvvv3cw [2022-03-31] (Seznam.cz a.s.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-14] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2021-12-09] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0 [2022-03-30] (Spotify AB) [Startup Task]
Windows File Recovery -> C:\Program Files\WindowsApps\Microsoft.WindowsFileRecovery_0.1.20151.0_x64__8wekyb3d8bbwe [2022-03-31] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2326126467-407937288-474921760-20846_Classes\CLSID\{A434F5F0-76CF-4ED2-8D3A-8840D7F0C2D8} -> [iCloud Drive] =>
CustomCLSID: HKU\S-1-5-21-2326126467-407937288-474921760-20846_Classes\CLSID\{C78B614F-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (Fine spol. s r.o. -> ALTAP)
CustomCLSID: HKU\S-1-5-21-2326126467-407937288-474921760-20846_Classes\CLSID\{DDEE5329-CDCF-4C31-A3D2-5D39FC757ECA} -> [Fotky na iCloudu] =>
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0801.0008_1\amd64\FileSyncShell64.dll [2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\vpshell2.dll [2022-04-12] (Symantec Corporation -> Broadcom)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-03-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\vpshell2.dll [2022-04-12] (Symantec Corporation -> Broadcom)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-03-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0801.0008_1\amd64\FileSyncShell64.dll [2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-03-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\19.152.0801.0008_1\amd64\FileSyncShell64.dll [2019-09-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa58b8086803cc6e\igfxDTCM.dll [2022-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\vpshell2.dll [2022-04-12] (Symantec Corporation -> Broadcom)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [VIDC.CFHD] => CFHD.dll
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-03-29 16:19 - 2022-03-29 16:19 - 000474624 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{9E78FE08-0A10-4910-8555-B47C5C97A7E0}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{A4D3C896-5584-4740-86EC-BA8E4E3D9F26}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{C6B0F072-7178-4655-8ABE-C08EAB73DD16}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{FC2F6DB3-0652-459A-85F4-3A58EB518729}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3169971691-1478504625-2396636365-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17swin10.msn.com/?pc=LJSE
HKU\S-1-5-21-3169971691-1478504625-2396636365-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-27] (SAP SE -> SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-04-27] (SAP SE -> SAP, Walldorf)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-04-08 05:46 - 2022-04-14 04:07 - 000000813 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2019-08-12 11:41 - 2022-03-23 06:34 - 000000741 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
6 28 10 560
68.137.1 W-SAS-2017082.mshome.net # 2025 3 6 1 4 28 43 770
944
338
761
145
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\CineForm\Tools;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-2326126467-407937288-474921760-20846\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3169971691-1478504625-2396636365-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Signature\Signature01.jpg
DNS Servers: 172.25.11.240 - 172.25.11.241
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: DSAService => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) Online Connect => 3
MSCONFIG\Services: Intel(R) Online Connect Helper => 2
MSCONFIG\Services: Intel(R) Online Connect Software Asset Manager => 3
MSCONFIG\Services: Intel(R) SUR QC SAM => 3
MSCONFIG\Services: Intel(R) TechnologyAccessService => 2
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: Lenovo Instant On => 2
MSCONFIG\Services: LenovoVantageService => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LNSUSvc => 2
MSCONFIG\Services: LPlatSvc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: ssh-agent => 3
MSCONFIG\Services: SUService => 3
MSCONFIG\Services: SWUpdateService => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-2326126467-407937288-474921760-20846\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2326126467-407937288-474921760-20846\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2326126467-407937288-474921760-20846\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_0FA2AAF1B1FBAB38F04D00347C40E9AC"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{CBA39EBE-BD27-4E1B-A9C2-6BB91CE53DAC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{3504C373-E360-4017-AA02-DD0B267DC7BD}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{CD3C58E5-35FD-4EC3-B153-D799B0EF3FD9}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{A2AEF3F2-E94B-4552-B6CE-13046C141E16}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{879F2A3D-D601-4295-A571-04B388D4020E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A34248D-A17A-489E-A4AF-8B4C43F32846}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69801EF7-9AA1-4D72-B340-21A6254F4D58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A22B7D3-AB04-46E9-B5E7-896DDB01612A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1F7274BD-84A9-4D67-9CB0-7DA6B148FAAA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D36B3314-5C3B-4A2F-B9AE-B7B7081D7C87}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC -> GlavSoft LLC.)
FirewallRules: [{9C02F1C3-4BF9-4CDD-84AC-EE05B72E5BAD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B506F40-85D7-4C27-81AB-6DB0D8008BE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{152AB952-C421-4A98-8CDC-F56446DA2E34}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{88078017-6B04-4AB8-ABD3-B718256C7F61}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{463F65C6-6848-4986-AAA9-8FBCA8512B44}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1FA2FCF7-936B-4302-8D4E-3BED08B07417}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D0E6EA61-7B3C-4BBC-B548-FAB30440AD51}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D42DC289-744F-4CE2-9558-26D4B2CE7FB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{570E1871-69B8-4C42-AEBF-6DC797E4730F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{449F4DFB-464D-48CC-8EF9-07C94E1C1F73}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A63AC743-CFE6-4CDD-AFCE-3F06A4181C97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D211A8D0-BFD3-4C20-886E-281121C14E6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6BB800A-0F70-418B-8F84-F9B575265781}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{45AE72DB-4554-4106-82D9-923E51C00E04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41B3B290-9568-4C68-88FA-D70396F8CD65}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{15DC8FCA-C216-459F-82C6-AA5B7581640B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.182.758.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{94C8205A-5FDC-425B-A7B7-C1BF90C9C5ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2FA4D9C-3834-4B64-9558-70B95119D3E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A40EEF34-4F10-4587-A6AE-E5527D0282C4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Broadcom)
FirewallRules: [{3F56FDE4-0875-47D0-8EA9-6A66495CAFD3}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Broadcom)
FirewallRules: [{EF58E4C1-6D74-4DBE-91D9-6CC885CE5F04}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\snac64.exe (Symantec Corporation -> Broadcom)
FirewallRules: [{AA1966DF-71EE-4024-A334-80642E6CE00B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\snac64.exe (Symantec Corporation -> Broadcom)
==================== Restore Points =========================
28-03-2022 11:48:39 Nainstalováno FormApps Signing Extension.
31-03-2022 06:46:56 Removed ELVIS
31-03-2022 09:34:26 Removed Thunderbolt™ Software
31-03-2022 12:22:41 Driver Booster : Synaptics Pointing Device
31-03-2022 13:21:42 Removed Java 8 Update 321
31-03-2022 13:22:28 Removed Microsoft Edge
01-04-2022 05:43:27 AdwCleaner_BeforeCleaning_01/04/2022_05:43:26
05-04-2022 05:49:30 AdwCleaner_BeforeCleaning_05/04/2022_05:49:30
05-04-2022 05:51:30 JRT Pre-Junkware Removal
05-04-2022 06:20:04 Installed Sophos Virus Removal Tool.
06-04-2022 06:41:37 zoek.exe restore point
06-04-2022 09:40:10 Installed Docházka
12-04-2022 12:32:00 Removed Symantec Endpoint Protection.
12-04-2022 12:55:37 Installed Symantec Endpoint Protection.
13-04-2022 09:31:08 Removed Sophos Virus Removal Tool.
==================== Faulty Device Manager Devices ============
Name: ThinkPad T570 STM TPM Firmware 71.16 (from 71.4/71.12)
Description: ThinkPad T570 STM TPM Firmware 71.16 (from 71.4/71.12)
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/13/2022 09:31:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2326126467-407937288-474921760-6476.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {da60f655-a6e6-4df8-9f53-fe6a30c9c7f8}
Error: (04/13/2022 06:04:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (04/13/2022 06:04:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (04/13/2022 06:04:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (04/13/2022 06:04:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (04/13/2022 06:04:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.
Operace:
Spouštění asynchronní operace
Kontext:
Aktuální stav: DoSnapshotSet
Error: (04/13/2022 06:04:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2326126467-407937288-474921760-6476.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {b5574bea-c91b-4cee-a54e-b2f21264bbeb}
Error: (04/13/2022 06:04:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2326126467-407937288-474921760-6476.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {b5574bea-c91b-4cee-a54e-b2f21264bbeb}
System errors:
=============
Error: (04/13/2022 06:11:50 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:11:50 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:11:49 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:11:49 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:11:49 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:11:49 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:07:09 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (04/13/2022 06:07:09 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
CodeIntegrity:
===============
Date: 2022-04-14 00:05:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2022-04-13 06:08:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin64\symamsi.dll that did not meet the Microsoft signing level requirements.
Date: 2022-04-13 06:07:33
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.5413.3000.105\Bin\WSCSAvNotifier.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: LENOVO N1VET59W (1.49 ) 12/01/2021
Motherboard: LENOVO 20HAS0B200
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8015.69 MB
Available physical RAM: 3630.01 MB
Total Virtual: 8527.69 MB
Available Virtual: 3773.06 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:133.19 GB) NTFS
\\?\Volume{9a3e8f31-2f3e-4c95-8abd-d24e47b16a30}\ () (Fixed) (Total:0.98 GB) (Free:0.46 GB) NTFS
\\?\Volume{0ed2b81e-c2c6-4c68-aa59-5a4891eb8998}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C2232F95)
Partition: GPT.
==================== End of Addition.txt =======================
Kontola logu - chyba pluginsd.js Vyřešeno
Re: Kontola logu - chyba pluginsd.js
Vidíš, správce sítě dostává zaplaceno a nepomůže ti. Tady kluci robí zadarmo a dělají zázraky.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontola logu - chyba pluginsd.js
Chtěl jsem log po scriptu s výmazy , ale i tyto nové logy potřebuji.
Ještě jsou tam položky , které odkazují na soubory ,které již neexistují.
Takže ještě jeden script a končíme.
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Ještě jsou tam položky , které odkazují na soubory ,které již neexistují.
Takže ještě jeden script a končíme.
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
Kód: Vybrat vše
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {BEBF62D4-6903-4A94-B000-F3EDD1D8328E} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (No File)
Task: {E6996D20-94A4-4C57-B4D5-1CA026343F34} - \OneDrive Standalone Update Task-S-1-5-21-2326126467-407937288-474921760-6476 -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
EmptyTemp:
End(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontola logu - chyba pluginsd.js
Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01
Ran by U50457 (19-04-2022 05:44:07) Run:3
Running from C:\Users\U50457\Desktop
Loaded Profiles: U50457 & OEM
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {BEBF62D4-6903-4A94-B000-F3EDD1D8328E} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (No File)
Task: {E6996D20-94A4-4C57-B4D5-1CA026343F34} - \OneDrive Standalone Update Task-S-1-5-21-2326126467-407937288-474921760-6476 -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEBF62D4-6903-4A94-B000-F3EDD1D8328E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEBF62D4-6903-4A94-B000-F3EDD1D8328E}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Power Manager\Background monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Power Manager\Background monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6996D20-94A4-4C57-B4D5-1CA026343F34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6996D20-94A4-4C57-B4D5-1CA026343F34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2326126467-407937288-474921760-6476" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.16 => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12683231 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 70629355 B
Edge => 0 B
Firefox => 456460444 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10366 B
NetworkService => 10366 B
a66096 => 10366 B
U50457 => 10946416 B
a10916 => 10946416 B
A51743 => 10946416 B
OEM => 10946416 B
RecycleBin => 6539 B
EmptyTemp: => 556.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 05:44:27 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01
Ran by U50457 (19-04-2022 05:44:07) Run:3
Running from C:\Users\U50457\Desktop
Loaded Profiles: U50457 & OEM
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Task: {BEBF62D4-6903-4A94-B000-F3EDD1D8328E} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (No File)
Task: {E6996D20-94A4-4C57-B4D5-1CA026343F34} - \OneDrive Standalone Update Task-S-1-5-21-2326126467-407937288-474921760-6476 -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEBF62D4-6903-4A94-B000-F3EDD1D8328E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEBF62D4-6903-4A94-B000-F3EDD1D8328E}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Power Manager\Background monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Power Manager\Background monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6996D20-94A4-4C57-B4D5-1CA026343F34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6996D20-94A4-4C57-B4D5-1CA026343F34}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2326126467-407937288-474921760-6476" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.16 => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12683231 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 70629355 B
Edge => 0 B
Firefox => 456460444 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10366 B
NetworkService => 10366 B
a66096 => 10366 B
U50457 => 10946416 B
a10916 => 10946416 B
A51743 => 10946416 B
OEM => 10946416 B
RecycleBin => 6539 B
EmptyTemp: => 556.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 05:44:27 ====
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontola logu - chyba pluginsd.js
Stáhni si zde DelFix
Další odkazy:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7, 8 a10 musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Další odkazy:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7, 8 a10 musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontola logu - chyba pluginsd.js Vyřešeno
# DelFix v1.013 - Logfile created 20/04/2022 at 05:35:47
# Updated 17/04/2016 by Xplode
# Username : U50457 - W-SAS-2017082
# Operating System : Windows 10 Enterprise (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\U50457\Desktop\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\Users\U50457\Desktop\Addition.txt
Deleted : C:\Users\U50457\Desktop\Fixlog.txt
Deleted : C:\Users\U50457\Desktop\FRST.txt
Deleted : C:\Users\U50457\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #93 [JRT Pre-Junkware Removal | 04/05/2022 03:51:30]
Deleted : RP #94 [Installed Sophos Virus Removal Tool. | 04/05/2022 04:20:04]
Deleted : RP #95 [zoek.exe restore point | 04/06/2022 04:41:37]
Deleted : RP #96 [Installed Docházka | 04/06/2022 07:40:10]
Deleted : RP #99 [Removed Symantec Endpoint Protection. | 04/12/2022 10:32:00]
Deleted : RP #100 [Installed Symantec Endpoint Protection. | 04/12/2022 10:55:37]
Deleted : RP #103 [Removed Sophos Virus Removal Tool. | 04/13/2022 07:31:08]
Deleted : RP #104 [Instalační služba modulů systému Windows | 04/14/2022 04:35:26]
Deleted : RP #105 [Instalační služba modulů systému Windows | 04/14/2022 04:36:10]
New restore point created !
########## - EOF - ##########
THX A LOT!!!
# Updated 17/04/2016 by Xplode
# Username : U50457 - W-SAS-2017082
# Operating System : Windows 10 Enterprise (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\U50457\Desktop\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\Users\U50457\Desktop\Addition.txt
Deleted : C:\Users\U50457\Desktop\Fixlog.txt
Deleted : C:\Users\U50457\Desktop\FRST.txt
Deleted : C:\Users\U50457\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
~ Cleaning system restore ...
Deleted : RP #93 [JRT Pre-Junkware Removal | 04/05/2022 03:51:30]
Deleted : RP #94 [Installed Sophos Virus Removal Tool. | 04/05/2022 04:20:04]
Deleted : RP #95 [zoek.exe restore point | 04/06/2022 04:41:37]
Deleted : RP #96 [Installed Docházka | 04/06/2022 07:40:10]
Deleted : RP #99 [Removed Symantec Endpoint Protection. | 04/12/2022 10:32:00]
Deleted : RP #100 [Installed Symantec Endpoint Protection. | 04/12/2022 10:55:37]
Deleted : RP #103 [Removed Sophos Virus Removal Tool. | 04/13/2022 07:31:08]
Deleted : RP #104 [Instalační služba modulů systému Windows | 04/14/2022 04:35:26]
Deleted : RP #105 [Instalační služba modulů systému Windows | 04/14/2022 04:36:10]
New restore point created !
########## - EOF - ##########
THX A LOT!!!
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 7 hostů