Request: Log Check [Solved]

jaro3
Security team member

Re: Request: Log Check

Post by jaro3 » 13 Apr 2025 14:51

Turn off your antivirus and firewall, RogueKiller, Malwarebytes Anti-Malware and Windows Defender.
Download zoek:
https://datoid.cz/UeeEYf/zoek1-rar

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:


autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart you may see only a black desktop for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
If there are problems, run zoek in Safe Mode.


Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe

(scroll down to the download)
and save it to your desktop.
Double-click the file on the desktop and follow the installation instructions.
Accept the program's license agreement (EULA) if prompted.
If a program update is available, click the "Update now" button.
Close all open files, folders and browsers.
Do not change any settings. Click "Scan now" (in the Czech interface: "Skenovat nyní").
After the scan you can see whether any infections were found. Click "Apply" (in the Czech interface: "Vykonat") to delete them. The infections will be moved to quarantine.
When the scan is finished, click "Reports" on the left, then "Open report", and copy the entire contents of the report here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jiri.Met.19!8

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 15:25

Informace o kontroly
Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  13.04.2025 15:20:00
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:00:24
Zkontrolované objekty    :  2169
Zjištěné objekty    :  1
Vyloučené objekty    :  0
Automatické odesílání    :  Ne
Operační systém    :  Windows 10 x64
Procesor    :  4X AMD Ryzen 3 1200 Quad-Core Processor
Režim systému BIOS    :  UEFI
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  14D00569B099B888194EBE


Odhalení
MD5    :  
Stav    :  Zkontrolováno
Objekt    :  c:\users\jm\appdata\local\google\chrome\user data\default\extensions\achogidmbhmofkmpgamphmlebdhgkdhc
Vydavatel    :  
Velikost    :  0
Odhalení    :  HijackExt:ChromePlugin/Soda PDF Viewer: Edit, Convert, Compress PDF files
Akce    :  Vymazat
-----------------------------------------------------------------------

Jiri.Met.19!8

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 15:26

I can't run the first one; it tells me:
"Your connection is not private
Attackers might be trying to steal your information from datoid.cz (for example, passwords, messages or payment card details)."

So I preferred not to do it.

I'd like to ask how it looks.
Thank you very much.

jaro3
Security team member

Re: Request: Log Check

Post by jaro3 » 13 Apr 2025 15:56

zoek is a safe program.

The last program:

Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
Save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, will be shown and saved to the desktop. Please copy their entire contents here.

Jiri.Met.19!8

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 17:15

The zoek program didn't work even with the firewall and AVG turned off. I'll have the last one for you right away.

Jiri.Met.19!8

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 17:16

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by JM (13-04-2025 17:09:15)
Running from C:\Users\JM\Desktop
Microsoft Windows 10 Home Version 22H2 19045.5737 (X64) (2024-09-28 07:55:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-322305931-481856066-2600299116-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-322305931-481856066-2600299116-503 - Limited - Disabled)
Guest (S-1-5-21-322305931-481856066-2600299116-501 - Limited - Disabled)
JM (S-1-5-21-322305931-481856066-2600299116-1001 - Administrator - Enabled) => C:\Users\JM
WDAGUtilityAccount (S-1-5-21-322305931-481856066-2600299116-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
FW: AVG Antivirus (Disabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adlice Protect version 16.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.1.2.0 - Adlice Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AIDA64 Extreme v7.35 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 7.35 - FinalWire Ltd.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.133 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.07.22.037 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.30.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.3.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{a3a3f608-32f7-42e6-abeb-9312016404b4}) (Version: 6.07.22.037 - Advanced Micro Devices, Inc.) Hidden
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 25.3.9983.2652 - Gen Digital Inc.)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 133.0.29379.143 - Autoři prohlížeče AVG Secure Browser)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1693.6 - AVG Technologies) Hidden
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 12.1.0.2211 - Disc Soft Ltd)
EAGLE 9.6.2 (HKLM\...\{AUTODESK-EAGLE-9-6-2}_is1) (Version: 9.6.2 - Autodesk, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.85 - Google LLC)
Heroes of Might and Magic 2 Gold (HKLM-x32\...\1207658785_is1) (Version: 1.01 (2.1) - GOG.com)
HP Dropbox Plugin (HKLM-x32\...\{7B730D4C-A9F2-42BA-90E9-3B1B1FE22D41}) (Version: 36.0.191.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{1E00635B-B22C-4953-BBCC-61BAED7C2D85}) (Version: 43.0.191.0 - HP)
HP FTP Plugin (HKLM-x32\...\{68DC53C1-AEE9-460A-A142-C9E8151F489E}) (Version: 43.0.191.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{B67ABBB5-5C0D-4619-A6D6-BA5A5FA422CC}) (Version: 36.0.191.0 - HP)
HP LaserJet MFP M28-M31 Nápověda (HKLM-x32\...\{0DF6621D-67C2-4E12-A5CF-260E985B8743}) (Version: 0.00.0005 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1DE55A9E-B55D-4943-97B6-064B04A57AE2}) (Version: 36.0.191.0 - HP)
HP SFTP Plugin (HKLM-x32\...\{1F0191BF-E339-4192-85D9-C369CA3FE9F1}) (Version: 43.0.191.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{8775F78E-6414-48E3-98D2-76EBB1B8721F}) (Version: 43.0.191.0 - HP)
I.R.I.S OCR (HKLM-x32\...\{39508F29-1E81-40FC-85DA-3182CB04614E}) (Version: 15.2.10.1114 - HP Inc.)
KMPlayer 64X (remove only) (HKLM\...\KMPlayer 64X) (Version: 2024.9.25.12 - PandoraTV)
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version: - KompoZer)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Malwarebytes version 5.2.10.182 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.10.182 - Malwarebytes)
MATLAB R2016a (HKLM\...\Matlab R2016a) (Version: 9.0 - MathWorks)
Microsoft .NET Framework 4.8.1 Developer Pack (HKLM-x32\...\{5feab1d3-2151-48d0-a0a4-d53d248ba533}) (Version: 4.8.9256.5 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8.1 SDK (HKLM-x32\...\{81EF376F-C9A1-42A3-8997-22A1DE4687F0}) (Version: 4.8.09037 - Microsoft Corporation)
Microsoft .NET Framework 4.8.1 Targeting Pack (ENU) (HKLM-x32\...\{A304E528-86BF-476D-AEED-72B7D88CA4BC}) (Version: 4.8.09037 - Microsoft Corporation)
Microsoft .NET Framework 4.8.1 Targeting Pack (HKLM-x32\...\{8DD67B10-D676-4CCF-B141-E17A6B135016}) (Version: 4.8.09037 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.73 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.73 - Microsoft Corporation) Hidden
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.18623.20156 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.051.0317.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212 (HKLM-x32\...\{844ECB74-9B63-3D5C-958C-30BD23F19EE4}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212 (HKLM-x32\...\{37B55901-995A-3650-80B1-BBFD047E2911}) (Version: 14.0.24212 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30133 (HKLM\...\{E699E009-1C3C-4E50-9B57-2B39F0954C7F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30133 (HKLM\...\{6CD9E9ED-906D-4196-8DC3-F987D2F6615F}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 137.0.1 (x64 en-US)) (Version: 137.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 130.0.1 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
PDF Architect 9 (HKLM-x32\...\PDF Architect 9) (Version: 9.1.65.3298 - pdfforge GmbH)
PDF Architect 9 Edit Module (HKLM\...\{8090F59D-2AD0-4F0A-BA7B-5126F967E45A}) (Version: 9.1.71.23005 - Avanquest pdfforge GmbH) Hidden
PDF Architect 9 OCR Module (HKLM\...\{35680DEF-BB94-439D-AF51-07DD6FF65227}) (Version: 9.1.71.23005 - Avanquest pdfforge GmbH) Hidden
PDF Architect 9 OCR TESS Module (HKLM\...\{9C8945C6-8C8C-4176-B00A-3B92B247C094}) (Version: 9.1.71.23005 - Avanquest pdfforge GmbH) Hidden
PDF Architect 9 View Module (HKLM\...\{C75BAEBF-473A-4249-9D3F-DD8C99FF62D4}) (Version: 9.1.71.23005 - Avanquest pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.2.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.71.312.2024 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8703.1 - Realtek Semiconductor Corp.)
RyzenMasterSDK (HKLM\...\{BB97BC3F-43CC-42A5-803E-12AB5738163F}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studie vylepšování produktu HP LaserJet MFP M28-M31 (HKLM\...\{A4E991A2-87C7-4E6C-B93D-9694B4192666}) (Version: 46.2.2636.18185 - HP Inc.)
TomTom MyDrive Connect 4.2.13.4348 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.13.4348 - TomTom)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VI Package Manager 2014 (HKLM-x32\...\{612BE9C7-DEE4-4F13-AC87-C6A7C1B721FB}) (Version: 14.0.1941 - JKI)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Základní software zařízení HP LaserJet MFP M28-M31 (HKLM\...\{C9DEFBBD-AC31-4DF6-81C2-385FCAA3B28B}) (Version: 46.2.2636.18185 - HP Inc.)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-01] (HP Inc.)
OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16 [2025-04-05] ()

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-322305931-481856066-2600299116-1001_Classes\CLSID\{04271989-C4D2-1EA1-C5E8-7D65053C3292} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-322305931-481856066-2600299116-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-322305931-481856066-2600299116-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-322305931-481856066-2600299116-1001_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744}\localserver32 -> C:\Program Files\National Instruments\LabVIEW 2014\LabVIEW.exe (National Instruments Corporation -> National Instruments Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [PDFArchitect8_ManagerExt] -> {EC981B88-4DFE-457D-B623-09D6C0E3EE6C} => C:\Program Files\PDF Architect 9\context-menu.dll [2025-02-14] (pdfforge GmbH -> Avanquest pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2022-10-04] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2024-09-26] (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2024-09-26] (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncShell64.dll [2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-04-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-01-26 10:36 - 2012-01-26 10:36 - 000278528 ____R () [File not signed] C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2012-01-26 10:36 - 2012-01-26 10:36 - 002359296 ____R (Apache Software Foundation) [File not signed] C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-c_2_6.dll
2014-05-15 11:19 - 2014-05-15 11:19 - 001409024 _____ (National Instruments Corp.) [File not signed] C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\nilmClient.dll
2014-05-15 11:19 - 2014-05-15 11:19 - 002237440 _____ (National Instruments Corp.) [File not signed] C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\nilmClient64.dll
2014-06-09 02:20 - 2014-06-09 02:20 - 000566784 _____ (National Instruments Corporation) [File not signed] C:\Program Files (x86)\National Instruments\Shared\LogosXT\nilxtcor.dll
2014-06-06 12:58 - 2014-06-06 12:58 - 000264704 _____ (National Instruments Corporation) [File not signed] C:\Program Files (x86)\National Instruments\Shared\NIAuth\niPortableRegistry.dll
2014-06-09 02:09 - 2014-06-09 02:09 - 000253952 _____ (National Instruments Corporation) [File not signed] C:\Program Files (x86)\National Instruments\Shared\Security\nidm_client_thinauth.dll
2014-06-05 17:30 - 2014-06-05 17:30 - 000095232 _____ (National Instruments Corporation) [File not signed] C:\Program Files (x86)\National Instruments\Shared\TraceEngine\ni_traceengine.dll
2024-11-06 09:14 - 2024-11-06 09:14 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: EAGLESCR => "c:\EAGLE 9.6.2\eagle.exe" -C "" "%1" <==== ATTENTION

==================== Internet Explorer (Whitelisted) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2025-02-02 20:28 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-322305931-481856066-2600299116-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JM\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\8402767007045831571\133890279596578502.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C4BA8C43-2023-445A-821C-CB91AA50D458}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A01DDC16-D5D0-49DD-8A2A-9DEDC0E4C46D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CACDAB77-A304-4655-96EA-ED71C84B9C60}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
FirewallRules: [{EE489498-F4D7-4654-B833-4444EA7ADDB7}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
FirewallRules: [{974BF562-BDE3-4E91-B1A5-49BEFE3788A2}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{674174D1-E150-4FCA-8AEE-D49E3FC8F204}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{EDC73EB1-8AAC-4E6E-8880-035DE76B5F92}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International B.V. -> TomTom)
FirewallRules: [{B610F576-B851-46CA-92C6-77232C6A6CF6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{B724D33D-CDCC-4EE8-99CE-72CF3B9D2488}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{2FEC413E-50FD-40C7-951F-F747AF249073}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{2EA30DA3-711D-4C68-9513-A5C24524FD15}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{5AFAB7EA-20F3-4BBD-8764-9BA359C21E8C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{55A7A9C1-4DD3-4C2A-8828-6D185CC59016}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F8B35F74-1AD4-41E0-A6BB-DAC87EECD67A}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{AD5D4745-96C3-45B2-B2EA-4CF4704D0E93}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{BBF27F9D-897F-43B5-AAF9-AA6AC077A06C}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F582F1B8-CAE0-4828-83A8-1D83B24997C9}] => (Allow) LPort=5357
FirewallRules: [{0666BFBD-57F5-49A2-BD32-93FF2F82902E}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{BEC848D8-26A0-4498-A591-B12BCCE8595D}] => (Allow) C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe (James Kring, Inc. DBA JKI -> JKI) [File not signed]
FirewallRules: [{AAD18030-95A5-45EB-BC39-E379B2973456}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4E9D514F-9B0F-4A91-A473-806CDA62CED6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AE14EB61-C23B-4132-9885-19B7CF3E8369}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{89C9C630-62C5-4C11-98EF-D9686105E796}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{654FCC43-F53F-45D1-B7CD-535274C90657}] => (Allow) C:\Program Files\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{A43A7451-BAC3-43F9-964F-DF86B2AE7CC9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F21CF875-F782-4EDA-8BAD-915C2F409DA9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-04-2025 21:39:39 JRT Pre-Junkware Removal
13-04-2025 00:48:16 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/13/2025 04:06:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/13/2025 04:00:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Shotung HDD (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/13/2025 03:51:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Shotung HDD (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/13/2025 03:35:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Shotung HDD (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/13/2025 03:19:24 PM) (Source: AntiMalware) (EventID: 0) (User: )
Description: Application has encountered a problem and needs to be closed. Please contact the adminstrator with the following information:

System.NullReferenceException: Odkaz na objekt není nastaven na instanci objektu.
v Zemana.AntiMalware.UI.Dialogs.dlgList.btnSend_Click(Object sender, EventArgs e) v Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Dialogs\dlgList.cs:řádek 72
v System.Windows.Forms.Control.OnClick(EventArgs e)
v System.Windows.Forms.Button.OnClick(EventArgs e)
v System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
v System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
v System.Windows.Forms.Control.WndProc(Message& m)
v System.Windows.Forms.ButtonBase.WndProc(Message& m)
v System.Windows.Forms.Button.WndProc(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)Odkaz na objekt není nastaven na instanci objektu.

Stack Trace:
v Zemana.AntiMalware.UI.Dialogs.dlgList.btnSend_Click(Object sender, EventArgs e) v Z:\Projects\Zemana AntiMalware Staging\Zemana.AntiMalware.UI\Dialogs\dlgList.cs:řádek 72
v System.Windows.Forms.Control.OnClick(EventArgs e)
v System.Windows.Forms.Button.OnClick(EventArgs e)
v System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
v System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
v System.Windows.Forms.Control.WndProc(Message& m)
v System.Windows.Forms.ButtonBase.WndProc(Message& m)
v System.Windows.Forms.Button.WndProc(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
v System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Error: (04/13/2025 12:49:23 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-17NI7RM)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/13/2025 12:49:22 AM) (Source: MsiInstaller) (EventID: 11606) (User: DESKTOP-17NI7RM)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (04/12/2025 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.5678, časové razítko: 0x90c4dc8b
Název chybujícího modulu: chakra.dll, verze: 11.0.19041.4717, časové razítko: 0x919b749f
Kód výjimky: 0x80004005
Posun chyby: 0x00000000002b6b30
ID chybujícího procesu: 0x13d8
Čas spuštění chybující aplikace: 0x01dbabe2ae0313d9
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\chakra.dll
ID zprávy: 1d89e008-8623-4427-952e-462722427c18
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.17.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI


System errors:
=============
Error: (04/13/2025 12:15:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80246007): Hewlett-Packard - USB - 6/1/2018 12:00:00 AM - 46.2.2631.18152.

Error: (04/13/2025 11:59:00 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NI Time Synchronization byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba ‪Služba Microsoft Office Klikni a spusť‬ byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NI System Web Server byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/12/2025 09:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NI Application Web Server byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2024-09-28 10:04:02
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:INF/Autorun.gen!A
Závažnost: Vážné
Kategorie: Nástroj
Cesta: file:_G:\autorun.inf
Původ detekce: Místní počítač
Typ detekce: Obecný
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-17NI7RM\JM
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.303.25.0, AS: 1.303.25.0, NIS: 1.303.25.0
Verze modulu: AM: 1.1.16400.2, NIS: 1.1.16400.2

CodeIntegrity:
===============
Date: 2025-04-13 17:09:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-04-13 16:58:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2025-04-13 16:53:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. M.90 03/19/2018
Motherboard: Micro-Star International Co., Ltd. B350 GAMING PLUS (MS-7A34)
Processor: AMD Ryzen 3 1200 Quad-Core Processor
Percentage of memory in use: 64%
Total physical RAM: 8146.47 MB
Available physical RAM: 2886.17 MB
Total Virtual: 11346.47 MB
Available Virtual: 2429.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.6 GB) (Free:372.83 GB) (Model: WD_BLACK SN770 500GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:111.79 GB) (Free:58.89 GB) (Model: ADATA SU650) NTFS
Drive e: (Shotung HDD) (Fixed) (Total:931.51 GB) (Free:81.81 GB) (Model: WDC WD10EZEX-08WN4A0) NTFS
Drive g: () (Fixed) (Total:931.51 GB) (Free:742.38 GB) (Model: SAMSUNG HD103SI) NTFS

\\?\Volume{cff6e5e4-5f26-4933-84c5-b5de4df3410c}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{613c4ade-6c6c-4a0d-9c14-3a611b21bfd7}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{fea9f2b7-5108-48af-8ec0-eba44027fb78}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DE82F443)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6560CAB7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: DE815C1B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Jiri.Met.19!8
newcomer
Posts: 20
Registered: April 25
Gender: Not specified

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 17:16

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by JM (administrator) on DESKTOP-17NI7RM (Micro-Star International Co., Ltd. MS-7A34) (13-04-2025 17:10:05)
Running from C:\Users\JM\Desktop\FRST64.exe
Loaded Profiles: JM
Platform: Microsoft Windows 10 Home Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

jaro3
Security team member
Guru Level 15
Posts: 43248
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Request: Log Check

Post by jaro3 » 13 Apr 2025 18:04

The Scan result of Farbar Recovery Scan Tool is not complete!
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jiri.Met.19!8
newcomer
Posts: 20
Registered: April 25
Gender: Not specified

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 18:33

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by JM (administrator) on DESKTOP-17NI7RM (Micro-Star International Co., Ltd. MS-7A34) (13-04-2025 18:29:54)
Running from C:\Users\JM\Desktop\FRST64.exe
Loaded Profiles: JM
Platform: Microsoft Windows 10 Home Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft FZE LLC) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(explorer.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft FZE LLC) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(services.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(services.exe ->) (pdfforge GmbH -> Avanquest pdfforge GmbH) C:\Program Files\PDF Architect 9\activation-service.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270560 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [492872 2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5012288 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [484408 2024-09-26] (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [AMDNoiseSuppression] => "C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2221480 2022-05-02] (TomTom International B.V. -> TomTom)
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4694624 2025-04-02] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] (National Instruments Corporation -> )
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\MountPoints2: {f8c3eb91-7d6e-11ef-af54-309c239de035} - "G:\setup.EXE" /AUTORUN
HKLM\...\Print\Monitors\PDF Architect 9 Monitor: C:\Windows\system32\spool\DRIVERS\x64\architect_pdfpmon_v.6.23.0.2.dll [974120 2025-03-05] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-06] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files\AVG\Browser\Application\133.0.29379.143\Installer\chrmstp.exe [2025-04-08] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.85\Installer\chrmstp.exe [2025-04-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk [2024-10-12]
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation -> National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2024-10-12]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation -> National Instruments Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AC42CCD-55AB-42E0-931F-E200C200FDCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {41C69810-707B-40C7-9C6C-7588CDF9045D} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {DFC9DEA4-E203-4077-8A5B-ACCA5BE1344C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {EB7EB277-9F69-40C6-8CB8-22FC1445D14D} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {5FBBE97D-FFE0-4456-AD20-0F7C3CC85EFB} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {189A822C-03A7-4E73-BB4C-2665E64A7287} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {B3A6B506-8DBE-4837-8B1E-9F4E40142CFF} - System32\Tasks\Avanquest pdfforge GmbH\PDF Architect 9\Installer updater => C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe [12189840 2025-03-04] (pdfforge GmbH -> )
Task: {FBBBB1DD-9E33-43BB-9B9F-2C18669E2F84} - System32\Tasks\Avanquest pdfforge GmbH\PDF Architect 9\Update => C:\Program Files\PDF Architect 9\architect.exe [3639744 2025-02-14] (pdfforge GmbH -> Avanquest pdfforge GmbH)
Task: {EEA9F4CB-3E4C-44D8-A1C5-870D4160E08B} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3739592 2025-04-04] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {5327793A-F35F-40FD-951E-CF6A2137425A} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVG\Browser\Application\AVGBrowser.exe [3739592 2025-04-04] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {A74BDFDD-2B62-4082-A185-27AF92476D15} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5330760 2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {2413E76E-8588-4D09-94B9-D50AFE186773} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8618824 2025-03-27] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {E4775E52-4FC6-4B35-9DD8-8F70338C1A29} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2547016 2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {C41F7FA3-2178-4616-A911-D5FCC2B9C594} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {8C3D583B-1171-4808-A27E-1580B615C9B3} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {3EB9F125-42D3-4B15-8D4D-FF8D4BF5F9FE} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{C649A2AB-85F9-40E8-8DBD-7A6D43FCC6DB} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {4D37016D-0D7A-4D57-BE07-21C44E64DF8A} - System32\Tasks\HPCustParticipation HP LaserJet MFP M28-M31 => C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe [6662792 2018-07-04] (Hewlett Packard -> HP Inc.)
Task: {F17D08FD-85A4-4BDE-B3D8-05424C8189A6} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [545808 2014-04-22] (James Kring, Inc. DBA JKI -> JKI) [File not signed] -> C:\Program Files (x86)\JKI\VI Package Manager\\/silent
Task: {60BC65A0-E2A1-40DA-A672-2EA93C3689B0} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD46F50E-646D-41CC-9A32-C91E26D03DD4} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {30AA147D-90BE-4023-916E-4705BC8486B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {09AE1C9E-3FB1-42CF-BB31-65EB0C949E8F} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [59600 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F14F393-8055-4CAE-8C14-7D6A63910F21} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29106392 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DB58CA8-93BA-4074-ABC1-7952FCB8D53B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3EC252A-E469-4CD7-A021-E00D0D9B5CCF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [225400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {49333A1C-93BC-4EB1-AA4A-337E85AE499C} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {019A3AEB-D458-49E5-A121-C2F10FBDE780} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {C9097A1B-405E-497F-B7D2-88033FCF1ED3} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [863008 2014-06-10] (National Instruments Corporation -> National Instruments)
Task: {8762B5D6-D38E-415A-9678-8CB0D115CB7E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223808 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A5606C4-A1C7-493A-B807-3B16D9254AFF} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-322305931-481856066-2600299116-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223808 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {A564F22B-9652-4282-BFCB-A844F6C76F21} - System32\Tasks\OneDrive Startup Task-S-1-5-21-322305931-481856066-2600299116-1001 => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\OneDriveLauncher.exe [674624 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {473CBB8A-D7C3-4829-8E10-484A5E9631D3} - System32\Tasks\RunAsStdUser Task => C:\Program Files\MATLAB\R2010a\MATLAB R2010a.lnk -> C:\Program Files\MATLAB\R2010a\\-sd $documents\MATLAB -r "setenv('PATH', ['C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\IdrsOCR_15.2.10.1114\;C: (the data entry has 82 more characters).
Task: {FFF23440-B7D1-4299-9AC4-75BFA6CEC5A8} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {64B898BE-06BE-4392-A72B-FD34523197E2} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation -> National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation -> National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7c533d47-3b40-4cab-97d8-cc3d42fe83d0}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\JM\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-13]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\JM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-04-13]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\JM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-13]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\JM\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-10-04]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: 3e7m8k3q.default
FF ProfilePath: C:\Users\JM\AppData\Roaming\Mozilla\Firefox\Profiles\3e7m8k3q.default [2024-09-28]
FF ProfilePath: C:\Users\JM\AppData\Roaming\Mozilla\Firefox\Profiles\pb2n8ud9.default-release [2025-04-13]
FF Extension: (Language: Čeština (Czech)) - C:\Users\JM\AppData\Roaming\Mozilla\Firefox\Profiles\pb2n8ud9.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2025-04-12]
FF ProfilePath: C:\Users\JM\AppData\Roaming\kompozer.net\KompoZer\Profiles\iwnyctjo.default [2025-04-12]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1693.6\npAvgBrowserUpdate3.dll [2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)

Chrome:
=======
CHR Profile: C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default [2025-04-13]
CHR DownloadDir: E:\Downloads
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-10]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-03-25]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-04-12]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-09-28]hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-322305931-481856066-2600299116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [achogidmbhmofkmpgamphmlebdhgkdhc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [844104 2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2551624 2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [896328 2025-04-12] (AVG Technologies USA, LLC -> Gen Digital Inc.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7524680 2025-04-12] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [209736 2024-09-28] (AVG Technologies USA, LLC -> Gen Digital Inc.)
S3 AVGSecureBrowserElevationService; C:\Program Files\AVG\Browser\Application\133.0.29379.143\elevation_service.exe [2207096 2025-04-04] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-09-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13860056 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4938808 2024-09-26] (AVB Disc Soft, SIA -> Disc Soft FZE LLC)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.051.0317.0003\FileSyncHelper.exe [3543888 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments Corporation -> National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-08] (National Instruments Corporation -> National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation -> National Instruments Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9407072 2025-04-12] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-04-12] (Malwarebytes Inc. -> Malwarebytes)
S2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation -> National Instruments Corporation)
S2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-06-10] (National Instruments Corporation -> National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-06-10] (National Instruments Corporation -> National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-06-20] (National Instruments Corporation -> National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation -> National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (National Instruments Corporation -> Macrovision Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation -> National Instruments Corporation)
S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-19] (National Instruments Corporation -> National Instruments Corporation)
S2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation -> National Instruments Corporation)
S2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-06-10] (National Instruments Corporation -> National Instruments Corporation)
S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation -> National Instruments Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.051.0317.0003\OneDriveUpdaterService.exe [3891536 2025-04-12] (Microsoft Corporation -> Microsoft Corporation)
R3 PDF Architect 9; C:\Program Files\PDF Architect 9\activation-service.exe [3421120 2025-02-14] (pdfforge GmbH -> Avanquest pdfforge GmbH)
S3 PDF Architect 9 Creator; C:\Program Files\PDF Architect 9\creator-ws.exe [509376 2025-02-14] (pdfforge GmbH -> Avanquest pdfforge GmbH)
S3 PDF Architect 9 Update Service; C:\Program Files\PDF Architect 9\update-service.exe [416192 2025-02-14] (pdfforge GmbH -> Avanquest pdfforge GmbH)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15953464 2025-04-01] (ADLICE -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 AAErrorPort; C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\aaerrport.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_5f2cd636dbc40dd2\amdfendrmgr.sys [25672 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33504 2024-07-11] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [48328 2024-02-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_960126269e89c62e\amdsafd.sys [113880 2024-05-10] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0403852.inf_amd64_63c1d613d771eff0\B400781\amdkmdag.sys [106387968 2024-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2025-04-13] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [20536 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [248376 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [393272 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [296528 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [84560 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\Windows\System32\drivers\avgElam.sys [28280 2024-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [37944 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [282680 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [553528 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [98872 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [69688 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [942672 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [1427512 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 avgStm; C:\Windows\System32\drivers\avgStm.sys [207440 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [391760 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2024-09-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [63696 2024-09-28] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U3 AVG Business Console Client Antivirus Service; no ImagePath
U3 avgBcc; no ImagePath
U3 avgbdisk; no ImagePath
S3 PRProt; \??\C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\active64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-13 17:12 - 2025-04-13 17:12 - 000000000 ____D C:\Users\JM\AppData\Roaming\Microsoft\MMC
2025-04-13 17:05 - 2025-04-13 17:09 - 000041514 _____ C:\Users\JM\Desktop\Addition.txt
2025-04-13 17:03 - 2025-04-13 18:30 - 000032278 _____ C:\Users\JM\Desktop\FRST.txt
2025-04-13 17:03 - 2025-04-13 18:30 - 000000000 ____D C:\FRST
2025-04-13 17:01 - 2025-04-13 17:00 - 002404864 _____ (Farbar) C:\Users\JM\Desktop\FRST64.exe
2025-04-13 17:00 - 2025-04-13 16:59 - 002097152 _____ (Farbar) C:\Users\JM\Desktop\FRST.exe
2025-04-13 15:18 - 2025-04-13 18:30 - 001955121 _____ C:\Windows\ZAM.krnl.trace
2025-04-13 15:18 - 2025-04-13 17:23 - 000002516 _____ C:\Windows\system32\Tasks\AMHelper
2025-04-13 15:18 - 2025-04-13 17:23 - 000002208 _____ C:\Windows\system32\Tasks\AMSkipUAC
2025-04-13 15:18 - 2025-04-13 15:18 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2025-04-13 15:18 - 2025-04-13 15:18 - 000001329 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2025-04-13 15:18 - 2025-04-13 15:18 - 000000000 ____D C:\Users\JM\AppData\Local\Zemana
2025-04-13 15:18 - 2025-04-13 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2025-04-13 15:18 - 2025-04-13 15:18 - 000000000 ____D C:\Program Files (x86)\Zemana
2025-04-13 15:17 - 2025-04-13 15:19 - 000000000 ____D C:\Users\JM\AppData\Local\AMSDK
2025-04-13 15:17 - 2025-04-13 15:17 - 013922376 _____ (Zemana Ltd. ) C:\Users\JM\Desktop\Zemana.AntiMalware.Setup.exe
2025-04-13 12:24 - 2025-04-13 12:24 - 000007764 _____ C:\Users\JM\Desktop\RK.txt
2025-04-13 12:06 - 2025-04-13 12:22 - 000000000 ____D C:\ProgramData\RogueKiller
2025-04-13 12:06 - 2025-04-13 12:06 - 000001223 _____ C:\Users\JM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adlice Protect.lnk
2025-04-13 12:06 - 2025-04-13 12:06 - 000000899 _____ C:\Users\Public\Desktop\Adlice Protect.lnk
2025-04-13 12:06 - 2025-04-13 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-04-13 12:06 - 2025-04-13 12:06 - 000000000 ____D C:\Program Files\RogueKiller
2025-04-13 12:05 - 2025-04-13 12:05 - 000000000 ____D C:\Users\JM\AppData\Local\pdfforge
2025-04-13 12:02 - 2025-04-13 12:02 - 051540232 _____ (Adlice Software ) C:\Users\JM\Desktop\RogueKiller_setup.exe
2025-04-13 00:49 - 2025-04-13 00:49 - 000000000 ____D C:\ProgramData\Sophos
2025-04-13 00:48 - 2025-04-13 00:48 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2025-04-13 00:48 - 2025-04-13 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2025-04-13 00:48 - 2025-04-13 00:48 - 000000000 ____D C:\Program Files (x86)\Sophos
2025-04-13 00:46 - 2025-04-13 00:46 - 185115928 _____ (Sophos Limited) C:\Users\JM\Desktop\Sophos Virus Removal Tool.exe
2025-04-12 21:41 - 2025-04-12 21:41 - 000001098 _____ C:\Users\JM\Desktop\JRT.txt
2025-04-12 21:37 - 2025-04-12 21:37 - 001790024 _____ (Malwarebytes) C:\Users\JM\Desktop\JRT.exe
2025-04-12 21:28 - 2025-04-12 21:28 - 000001235 _____ C:\Users\JM\Desktop\Malwarebytes Scan Report 2025-04-12 192624.txt
2025-04-12 21:15 - 2025-04-12 21:35 - 000000000 ____D C:\Users\JM\AppData\Local\Malwarebytes
2025-04-12 21:15 - 2025-04-12 21:15 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-04-12 21:15 - 2025-04-12 21:15 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-04-12 21:14 - 2025-04-12 21:14 - 002834160 _____ (Malwarebytes) C:\Users\JM\Desktop\MBSetup.exe
2025-04-12 21:14 - 2025-04-12 21:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-04-12 21:14 - 2025-04-12 21:14 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-12 21:06 - 2025-04-12 21:06 - 000001453 _____ C:\Users\JM\Desktop\AdwCleaner[S00].txt
2025-04-12 21:05 - 2025-04-12 21:11 - 000000000 ____D C:\AdwCleaner
2025-04-12 21:05 - 2025-04-12 21:04 - 009566696 _____ (Malwarebytes) C:\Users\JM\Desktop\AdwCleaner.exe
2025-04-12 21:02 - 2025-04-13 17:18 - 000009096 _____ C:\Users\JM\Desktop\pomoc hekri.txt
2025-04-12 20:57 - 2025-04-12 20:57 - 000000000 ____D C:\Users\JM\AppData\Roaming\addpcs
2025-04-12 12:51 - 2025-04-12 21:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-04-12 12:07 - 2025-04-12 12:07 - 000000000 ____D C:\inetpub
2025-04-12 12:06 - 2025-04-12 12:06 - 000316232 _____ (Gen Digital Inc.) C:\Windows\system32\avgBoot.exe
2025-04-09 11:22 - 2025-04-09 11:22 - 000000000 ___HD C:\$WinREAgent
2025-03-16 01:38 - 2025-03-16 01:38 - 000001282 _____ C:\Users\Public\Desktop\Heroes of Might and Magic 2 Gold.lnk
2025-03-16 01:38 - 2025-03-16 01:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic 2 Gold [GOG.com]
2025-03-16 01:37 - 2025-03-16 01:37 - 000000000 ____D C:\ProgramData\GOG.com
2025-03-16 01:02 - 2025-03-16 01:05 - 000000000 ____D C:\Users\JM\AppData\Local\Notepad

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-13 17:23 - 2025-02-06 21:44 - 000003070 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-322305931-481856066-2600299116-1001
2025-04-13 17:23 - 2024-10-12 22:26 - 000002502 _____ C:\Windows\system32\Tasks\NIUpdateServiceStartupTask
2025-04-13 17:23 - 2024-10-12 22:22 - 000003380 _____ C:\Windows\system32\Tasks\JKIUpdateTask
2025-04-13 17:23 - 2024-09-30 06:52 - 000002652 _____ C:\Windows\system32\Tasks\HPCustParticipation HP LaserJet MFP M28-M31
2025-04-13 17:23 - 2024-09-28 16:26 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2025-04-13 17:23 - 2024-09-28 14:36 - 000002716 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-04-13 17:23 - 2024-09-28 14:05 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-04-13 17:23 - 2024-09-28 10:30 - 000002514 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2025-04-13 17:23 - 2024-09-28 10:29 - 000002672 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2025-04-13 17:23 - 2024-09-28 10:29 - 000002506 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2025-04-13 17:23 - 2024-09-28 10:29 - 000002400 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2025-04-13 17:23 - 2024-09-28 10:28 - 000002194 _____ C:\Windows\system32\Tasks\StartCN
2025-04-13 17:23 - 2024-09-28 10:28 - 000002114 _____ C:\Windows\system32\Tasks\StartDVR
2025-04-13 17:23 - 2024-09-28 10:23 - 000003062 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-322305931-481856066-2600299116-1001
2025-04-13 17:23 - 2024-09-28 09:53 - 000003568 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-04-13 17:23 - 2024-09-28 09:53 - 000003344 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-04-13 16:53 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-13 16:52 - 2024-09-28 09:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-04-13 15:10 - 2024-09-28 14:55 - 000000000 ____D C:\Program Files (x86)\Steam
2025-04-13 15:09 - 2024-11-06 09:08 - 000000000 ____D C:\ProgramData\boost_interprocess
2025-04-13 13:59 - 2024-09-28 15:51 - 000000000 ____D C:\Users\JM\AppData\Roaming\vlc
2025-04-13 12:08 - 2024-09-28 10:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-04-13 12:03 - 2024-10-04 21:59 - 000000000 ____D C:\Windows\SystemTemp
2025-04-13 12:00 - 2024-09-28 09:53 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-12 21:40 - 2024-10-20 14:39 - 000000000 ____D C:\Users\JM\AppData\Local\CrashDumps
2025-04-12 21:23 - 2024-09-28 10:24 - 000000000 ____D C:\Users\JM\AppData\Local\AMD_Common
2025-04-12 21:16 - 2024-09-28 10:03 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-04-12 21:16 - 2024-09-28 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-04-12 21:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-04-12 21:15 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2025-04-12 21:06 - 2024-09-28 10:00 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2025-04-12 21:06 - 2019-12-07 16:41 - 000717008 _____ C:\Windows\system32\perfh005.dat
2025-04-12 21:06 - 2019-12-07 16:41 - 000145186 _____ C:\Windows\system32\perfc005.dat
2025-04-12 21:00 - 2024-09-28 10:34 - 000000000 ____D C:\ProgramData\AVG
2025-04-12 21:00 - 2024-09-28 10:03 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2025-04-12 21:00 - 2024-09-28 09:53 - 000008192 ___SH C:\DumpStack.log.tmp
2025-04-12 21:00 - 2024-09-28 09:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-04-12 21:00 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2025-04-12 12:10 - 2024-09-28 10:35 - 000393272 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2025-04-12 12:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-12 12:09 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2025-04-12 12:08 - 2024-09-28 18:54 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-12 12:08 - 2024-09-28 09:53 - 000452392 _____ C:\Windows\system32\FNTCACHE.DAT
2025-04-12 12:07 - 2024-10-04 21:59 - 000000000 ____D C:\Windows\system32\compatrel
2025-04-12 12:07 - 2019-12-07 16:42 - 000000000 ____D C:\Windows\system32\OpenSSH
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2025-04-12 12:07 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2025-04-12 12:06 - 2024-09-28 10:35 - 001427512 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgSP.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000942672 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgSnx.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000553528 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgNetHub.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000391760 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgVmm.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000296528 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgbidsh.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000282680 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgMonFlt.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000248376 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgArPot.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000098872 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgRdr2.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000084560 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgbuniv.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000069688 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgRvrt.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000037944 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgKbd.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000020536 _____ (Gen Digital Inc.) C:\Windows\system32\Drivers\avgArDisk.sys
2025-04-12 12:06 - 2024-09-28 10:35 - 000000000 ____D C:\Windows\system32\Tasks\AVG
2025-04-12 09:54 - 2024-09-28 14:36 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-12 09:53 - 2024-09-28 10:33 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-12 09:53 - 2024-09-28 10:33 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-04-10 12:33 - 2024-09-28 10:04 - 000000000 ____D C:\Users\JM\AppData\Local\D3DSCache
2025-04-09 11:34 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2025-04-09 11:29 - 2024-09-28 09:57 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-04-09 11:21 - 2024-09-30 16:51 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2025-04-09 09:41 - 2024-09-28 10:36 - 000000000 ____D C:\Users\JM\AppData\Local\AVG
2025-04-09 09:21 - 2024-09-28 15:36 - 000000000 ____D C:\Users\JM\AppData\Roaming\Microsoft\Šablony
2025-04-08 09:19 - 2024-09-28 10:36 - 000002321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2025-04-08 09:19 - 2024-09-28 10:36 - 000002286 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2025-04-05 19:39 - 2024-10-26 12:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2025-03-31 13:04 - 2024-10-05 09:48 - 000000000 ____D C:\Program Files\RUXIM
2025-03-21 20:20 - 2024-09-28 14:04 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-03-21 20:20 - 2024-09-28 14:04 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-03-16 17:51 - 2024-09-28 10:04 - 000000000 ____D C:\Users\JM\AppData\Local\AMD
2025-03-16 05:54 - 2024-12-08 21:24 - 000000260 _____ C:\Users\JM\Desktop\pamatky praha.txt
2025-03-16 01:03 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2025-03-14 10:23 - 2024-09-28 16:28 - 000000000 ____D C:\Users\JM\AppData\Roaming\Awesomium

==================== Files in the root of some directories ========

2024-09-28 10:36 - 2024-09-28 10:36 - 000000000 _____ () C:\Program Files\AVGBrowser_installer.log
2024-09-28 10:33 - 2024-10-04 19:05 - 000104581 _____ () C:\Program Files\chrome_installer.log
2024-09-28 10:03 - 2024-10-04 19:05 - 000122701 _____ () C:\Program Files\msedge_installer.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Re: Request for a log check

Post by Jiri.Met.19!8 » 13 Apr 2025 18:34

Sorry, I deleted half of it; I ran it again.


Re: Request for a log check

Post by jaro3 » 13 Apr 2025 19:59

OK.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\.scr: EAGLESCR => "c:\EAGLE 9.6.2\eagle.exe" -C "" "%1" <==== ATTENTION
FirewallRules: [{B610F576-B851-46CA-92C6-77232C6A6CF6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{B724D33D-CDCC-4EE8-99CE-72CF3B9D2488}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{2FEC413E-50FD-40C7-951F-F747AF249073}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{2EA30DA3-711D-4C68-9513-A5C24524FD15}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\MountPoints2: {f8c3eb91-7d6e-11ef-af54-309c239de035} - "G:\setup.EXE" /AUTORUN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3EB9F125-42D3-4B15-8D4D-FF8D4BF5F9FE} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{C649A2AB-85F9-40E8-8DBD-7A6D43FCC6DB} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [achogidmbhmofkmpgamphmlebdhgkdhc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
S3 AAErrorPort; C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\aaerrport.exe [X] <==== ATTENTION
U3 avgBcc; no ImagePath
U3 avgbdisk; no ImagePath
S3 PRProt; \??\C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\active64.sys [X] <==== ATTENTION
C:\Windows\system32\Tasks\AVAST Software

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

That AVG messes up a computer so badly it's unbelievable. I had it once. I had to spend several hours cleaning it out. And that was after I had already used RevoUninstaller.
Then write what the problems are.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Jiri.Met.19!8
newcomer
Posts: 20
Registered: April 25
Gender: Not specified

Re: Request: Log Check

Post by Jiri.Met.19!8 » 13 Apr 2025 20:17

Here it is. I had to turn off AVG and it required a restart. A friend recommended it to me; previously I used Avast.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by JM (13-04-2025 20:11:57) Run:1
Running from C:\Users\JM\Desktop
Loaded Profiles: JM
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\.scr: EAGLESCR => "c:\EAGLE 9.6.2\eagle.exe" -C "" "%1" <==== ATTENTION
FirewallRules: [{B610F576-B851-46CA-92C6-77232C6A6CF6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{B724D33D-CDCC-4EE8-99CE-72CF3B9D2488}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
FirewallRules: [{2FEC413E-50FD-40C7-951F-F747AF249073}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
FirewallRules: [{2EA30DA3-711D-4C68-9513-A5C24524FD15}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-322305931-481856066-2600299116-1001\...\MountPoints2: {f8c3eb91-7d6e-11ef-af54-309c239de035} - "G:\setup.EXE" /AUTORUN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3EB9F125-42D3-4B15-8D4D-FF8D4BF5F9FE} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{C649A2AB-85F9-40E8-8DBD-7A6D43FCC6DB} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [achogidmbhmofkmpgamphmlebdhgkdhc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
S3 AAErrorPort; C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\aaerrport.exe [X] <==== ATTENTION
U3 avgBcc; no ImagePath
U3 avgbdisk; no ImagePath
S3 PRProt; \??\C:\Users\JM\AppData\Local\Temp\ActiveAnticheat\1223771\active64.sys [X] <==== ATTENTION
C:\Windows\system32\Tasks\AVAST Software

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B610F576-B851-46CA-92C6-77232C6A6CF6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B724D33D-CDCC-4EE8-99CE-72CF3B9D2488}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FEC413E-50FD-40C7-951F-F747AF249073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EA30DA3-711D-4C68-9513-A5C24524FD15}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKU\S-1-5-21-322305931-481856066-2600299116-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c3eb91-7d6e-11ef-af54-309c239de035} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EB9F125-42D3-4B15-8D4D-FF8D4BF5F9FE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB9F125-42D3-4B15-8D4D-FF8D4BF5F9FE}" => removed successfully
C:\Windows\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{C649A2AB-85F9-40E8-8DBD-7A6D43FCC6DB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{C649A2AB-85F9-40E8-8DBD-7A6D43FCC6DB}" => removed successfully
HKLM\SOFTWARE\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\bojobppfploabceghnmlahpoonbcbacn => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\achogidmbhmofkmpgamphmlebdhgkdhc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
HKLM\System\CurrentControlSet\Services\AAErrorPort => removed successfully
AAErrorPort => service removed successfully
HKLM\System\CurrentControlSet\Services\avgBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\PRProt => removed successfully
PRProt => service removed successfully

"C:\Windows\system32\Tasks\AVAST Software" Folder move:

C:\Windows\system32\Tasks\AVAST Software => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 194502705 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 58306822 B
Windows/system/drivers => 4513692 B
Edge => 0 B
Chrome => 491406774 B
Firefox => 375221144 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2077374 B
systemprofile32 => 2077374 B
LocalService => 2224424 B
NetworkService => 2226306 B
JM => 37794423 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-04-2025 20:13:17)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\avgBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbdisk => could not remove, key could be protected

==== End of Fixlog 20:13:17 ====
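
A small checker for a Fixlog like the one above, as an added example that is not part of the thread or of FRST: it lists the items FRST reported it could not fix and skips the echoed fixlist, whose lines also contain "=>". The sample is a shortened excerpt of the posted log, and the function names are made up for this example.

```python
import re

# Shortened excerpt of the Fixlog posted above (raw string keeps the backslashes).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
FirewallRules: [{B610F576-B851-46CA-92C6-77232C6A6CF6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe => No File
U3 avgBcc; no ImagePath
*****************
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\System\CurrentControlSet\Services\AAErrorPort => removed successfully
HKLM\System\CurrentControlSet\Services\avgBcc => could not remove, key could be protected
C:\Windows\system32\Tasks\AVAST Software => moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\avgBcc => could not remove, key could be protected
==== End of Fixlog 20:13:17 ====
'''

RESULT = re.compile(r'^(?P<target>.+?) => (?P<outcome>[^=>]+)$')
ECHO_FENCE = re.compile(r'^\*{5,}$')  # asterisk rows around "fixlist content"

def parse_fixlog(text):
    """Map each fixed item to its final outcome, ignoring the echoed fixlist."""
    results, in_echo = {}, False
    for line in map(str.strip, text.splitlines()):
        if ECHO_FENCE.match(line):
            in_echo = not in_echo       # entering or leaving the echoed input
            continue
        if in_echo or line.startswith('='):
            continue                    # echoed fixlist line or a section banner
        m = RESULT.match(line)
        if m:                           # a repeated target keeps the later result
            results[m['target']] = m['outcome'].strip()
    return results

def classify(outcome):
    """'ok', 'failed' or 'other'. Assumption: only wordings seen in this log are known."""
    if outcome.endswith('successfully'):
        return 'ok'
    return 'failed' if outcome.startswith('could not') else 'other'

def failed_items(results):
    """Targets FRST reported it could not fix; these need follow-up."""
    return [t for t, o in results.items() if classify(o) == 'failed']

if __name__ == '__main__':
    for target in failed_items(parse_fixlog(SAMPLE_FIXLOG)):
        print('NOT FIXED:', target)
```

On the full log above, the same two AVG service keys (avgBcc and avgbdisk) are the only entries reported as not removed.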

