Dobrý den,
při otevření Chrome vyskakují okna se spamamem a odkazem na ru stranky.
Niže uvádím log z FRST
Děkuji za pomoc
J.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by adaby (administrator) on LAPTOP-RA2OT22C (HP HP Laptop 15s-eq1xxx) (24-10-2023 10:15:51)
Running from C:\Users\adaby\Downloads\FRST64.exe
Loaded Profiles: adaby
Platform: Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointGpuInfo.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\BridgeCommunication.exe <3>
(DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atieclxx.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.39.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_dd4cb97d217df0bc\RtkAudUService64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <33>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe
(services.exe ->) (JBL) [File not signed] C:\Program Files\JBL\QuantumENGINE\QuantumService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(sihost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee, LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe [1923384 2023-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [255896 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [538160 2023-10-01] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\adaby\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-10-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [MicrosoftEdgeAutoLaunch_CE2DEBDBE6E6B6A71C4C548BB63EEA28] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [538160 2023-10-01] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\118.0.5993.89\Installer\chrmstp.exe [2023-10-20] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {BDBA97A7-BFC3-44A2-AF9B-15834DD8612D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {865FD787-2EF1-4A3D-8B14-8FB03C903046} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5135256 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
Task: {FCE8F0E0-AE2D-4736-8112-1A987E0D24CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-23] (Avast Software s.r.o. -> Avast Software)
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {415F086C-CCD1-4056-BAF7-8E7659BF4C1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2023-09-15] (HP Inc. -> HP Inc.)
Task: {F78FF70E-17B7-4C9C-863C-BFA125E1014F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-09-15] (HP Inc. -> HP Inc.)
Task: {99A4DF0D-48EB-4DA6-81AF-E427ECB55707} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {BF28CF03-286B-45E4-BC53-BD9BFDCEF1B3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {511FC79E-0A7F-418F-BB69-7C91CB95DBBD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B8FB049-08DC-4E80-8FBE-7046A74A5C26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5BC47B5A-F3B5-49EE-B479-56F4BB41F4DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6A99F5-DF7E-4C35-A90D-1633C8B58654} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFFD907C-416B-4812-AF9D-0330E6314905} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EAF50981-BC0C-47B5-9943-953BC02381EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [988256 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {21AE26CF-E13B-4D61-AD1C-6A0F631E6DC2} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19a5b0f0-23f4-437d-8826-ab74a5f5f8f0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d8dd2612-eec9-4760-86e1-2d07ded42d71}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-24]
Edge Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-09]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-10-09] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default [2023-10-24]
CHR Notifications: Default -> hxxps://bankfs.ru; hxxps://www.eobuv.cz; hxxps://www.facebook.com
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-23]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-10-18]
CHR Notifications: Profile 1 -> hxxps://mail.google.com
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-19]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-06]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-22]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9090968 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [776088 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2304920 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [796568 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12860928 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1261568 2023-10-11] (Microsoft Windows -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe [888272 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe [886736 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe [883152 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe [886840 2023-08-29] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe [497744 2023-08-02] (HP Inc. -> HP Inc.)
R2 QuantumService; C:\Program Files\JBL\QuantumENGINE\QuantumService.exe [1281536 2021-03-15] (JBL) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54776 2023-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\amdkmdag.sys [94633328 2023-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31528 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [240176 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [392984 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297992 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [96064 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39760 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [275168 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [559696 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [950696 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [708048 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [213192 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319560 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-11-28] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-11-28] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218464 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 HarmanAudioService; C:\WINDOWS\System32\drivers\HarmanFilter.sys [42192 2021-03-15] (Harman International Industries, Inc -> Harman International)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2022-05-07] (Microsoft Windows -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-24 10:15 - 2023-10-24 10:16 - 000024539 _____ C:\Users\adaby\Downloads\FRST.txt
2023-10-24 10:15 - 2023-10-24 10:16 - 000000000 ____D C:\FRST
2023-10-24 10:15 - 2023-10-24 10:15 - 002383360 _____ (Farbar) C:\Users\adaby\Downloads\FRST64.exe
2023-10-18 19:26 - 2023-10-18 19:26 - 003573760 _____ C:\Users\adaby\Downloads\Obyvatelstvo Evropy.ppt
2023-10-18 19:26 - 2023-10-18 19:26 - 003573760 _____ C:\Users\adaby\Downloads\Obyvatelstvo Evropy (1).ppt
2023-10-13 21:53 - 2023-10-13 21:53 - 004735160 _____ C:\Users\adaby\Downloads\letak_horackova_lamino.pdf
2023-10-13 11:40 - 2023-10-19 16:29 - 000002421 _____ C:\Users\adaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2023-10-12 18:19 - 2023-10-12 18:19 - 000726632 _____ C:\WINDOWS\system32\perfh005.dat
2023-10-12 18:19 - 2023-10-12 18:19 - 000160898 _____ C:\WINDOWS\system32\perfc005.dat
2023-10-12 16:24 - 2023-10-12 16:24 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2023-10-11 18:39 - 2023-10-11 18:39 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2023-10-11 18:38 - 2023-10-11 18:38 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2023-10-11 18:38 - 2023-10-11 18:38 - 000016239 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-11 18:31 - 2023-10-11 18:35 - 000000000 ___HD C:\$WinREAgent
2023-10-09 19:38 - 2023-10-09 19:38 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-10-04 20:26 - 2023-10-04 20:26 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-09-12 19:37 - 2023-09-12 19:37 - 001015808 _____ C:\Users\adaby\Downloads\2360-ekologie-ekosystem-prirozeny-a-umely.ppt
2023-09-05 17:32 - 2023-09-05 17:32 - 000019781 _____ C:\Users\adaby\Downloads\Seznam 0LA červen23 (1).xlsx
2023-09-03 20:15 - 2023-09-03 20:15 - 000012465 _____ C:\Users\adaby\Downloads\Rozvrh_HN_a_HS_Botevova_A12__šk._rok_2023-24_nástin.xlsx
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-24 10:14 - 2020-09-18 19:39 - 000000000 ____D C:\Users\adaby\AppData\Local\D3DSCache
2023-10-24 10:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-24 10:08 - 2020-09-18 19:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-24 09:30 - 2020-09-18 21:12 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Teams
2023-10-24 09:18 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-24 00:26 - 2022-11-28 23:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-23 16:46 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-10-23 15:42 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-23 15:42 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-22 17:28 - 2020-09-20 09:33 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\PowerPoint
2023-10-22 15:10 - 2020-09-18 21:05 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Word
2023-10-22 10:47 - 2022-11-29 00:08 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-22 10:47 - 2022-11-29 00:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-10-22 10:47 - 2022-11-29 00:08 - 000003410 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-10-22 10:47 - 2022-11-29 00:08 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-22 10:47 - 2022-11-29 00:08 - 000003186 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-10-22 10:47 - 2022-11-29 00:08 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-497818822-1726466583-137005623-1007
2023-10-22 10:47 - 2022-11-29 00:08 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-497818822-1726466583-137005623-1001
2023-10-22 10:47 - 2022-11-29 00:08 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-1007
2023-10-22 10:47 - 2022-11-29 00:08 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-1001
2023-10-22 10:47 - 2022-11-29 00:08 - 000002848 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-500
2023-10-22 10:47 - 2022-11-29 00:08 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2023-10-22 10:47 - 2022-11-29 00:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-10-22 10:23 - 2020-10-05 18:42 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-21 13:22 - 2020-09-18 19:42 - 000000000 ___RD C:\Users\adaby\OneDrive
2023-10-20 21:15 - 2021-03-31 14:16 - 000002384 _____ C:\Users\adaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-20 21:03 - 2022-10-12 19:26 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-10-20 21:03 - 2020-09-18 19:35 - 000000000 ____D C:\Users\adaby\AppData\Local\Packages
2023-10-20 20:57 - 2020-09-18 19:48 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-17 17:23 - 2022-11-29 00:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-10-14 17:30 - 2020-01-13 15:01 - 000000000 ____D C:\Program Files\Microsoft Office
2023-10-13 21:48 - 2020-09-18 21:05 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Excel
2023-10-13 21:39 - 2021-02-07 12:11 - 000000000 ____D C:\Users\adaby\AppData\Local\CrashDumps
2023-10-12 18:19 - 2022-11-29 00:09 - 001733372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-12 18:17 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-10-12 16:26 - 2020-12-09 22:30 - 000000000 ____D C:\ProgramData\Avast Software
2023-10-12 16:25 - 2022-11-29 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-12 16:25 - 2022-11-28 23:59 - 000589896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-12 16:25 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-10-12 16:25 - 2022-05-07 07:17 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2023-10-12 16:25 - 2021-03-31 14:15 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-12 16:24 - 2022-11-28 23:44 - 000000000 ____D C:\WINDOWS\HoloShell
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-11 18:44 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-11 18:39 - 2022-11-29 00:00 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-11 18:23 - 2020-09-18 20:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-11 18:17 - 2020-09-18 20:19 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-10 20:14 - 2020-04-10 21:54 - 000000000 ____D C:\ProgramData\Packages
2023-10-09 19:38 - 2023-02-16 03:47 - 000031528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-10-09 19:38 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-10-09 19:38 - 2020-12-09 22:32 - 000950696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000708048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000559696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000392984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000319560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000297992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000275168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000240176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000096064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000080416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000039760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-10-09 17:27 - 2020-09-19 10:26 - 000000000 ____D C:\Users\adaby\AppData\Local\HP
2023-10-09 17:26 - 2022-11-29 00:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
==================== Files in the root of some directories ========
2020-11-03 19:59 - 2021-01-14 19:44 - 000000220 _____ () C:\Users\adaby\AppData\Roaming\debug.log
==================== SigCheckExt =========================
2020-10-06 10:09 - 2020-10-06 10:09 - 001300353 _____ C:\WINDOWS\unins000.exe
2020-10-06 10:11 - 2020-10-06 10:11 - 001447178 _____ (Igor Pavlov) C:\Users\adaby\Downloads\7z1900-x64.exe
2023-10-24 10:15 - 2023-10-24 10:15 - 002383360 _____ (Farbar) C:\Users\adaby\Downloads\FRST64.exe
2020-12-19 19:04 - 2020-12-19 19:04 - 004411156 _____ C:\Users\adaby\Downloads\VlcTorrentStreamerPlugin_3.0.8.exe
2022-08-01 13:12 - 2022-08-01 13:12 - 001575742 _____ (Igor Pavlov) C:\Users\astro\Downloads\7z2201-x64.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{77332e58-7b64-11ea-8172-806e6f6e6963}
{d6b6c758-7bae-11ea-9b5f-00e04c68bc89}
timeout 0
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Firmware Application (101fffff)
-------------------------------
identifier {77332e58-7b64-11ea-8172-806e6f6e6963}
device partition=\Device\HarddiskVolume1
description Internal Hard Disk
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {d6b6c758-7bae-11ea-9b5f-00e04c68bc89}
description USB Drive (UEFI)
badmemoryaccess Yes
Windows Boot Loader
-------------------
identifier {165eacb7-9223-11eb-82c7-cca5d75265a5}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{165eacb8-9223-11eb-82c7-cca5d75265a5}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{165eacb8-9223-11eb-82c7-cca5d75265a5}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 11
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
nx OptOut
bootmenupolicy Standard
hypervisorlaunchtype Auto
Windows Boot Loader
-------------------
identifier {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
recoverysequence {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== End of FRST.txt ========================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118292
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
zDRAVÍM!
spusťte tuto utilitu:
spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Dobrý den, zasílám vypis z logu AdwCleaner
J.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-24-2023
# Duration: 00:00:10
# OS: Windows 11 (Build 22621.2428)
# Scanned: 32109
# Detected: 21
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF28CF03-286B-45E4-BC53-BD9BFDCEF1B3}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\adaby\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
J.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-24-2023
# Duration: 00:00:10
# OS: Windows 11 (Build 22621.2428)
# Scanned: 32109
# Detected: 21
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF28CF03-286B-45E4-BC53-BD9BFDCEF1B3}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\adaby\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 118292
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Toto je Ok. Preinstalled jsou jen utility od HP. Potřebuji ještě vidět log Addition. měl by být v C:\Users\adaby\Downloads .Děkuji
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Dobrý den, přikládám.
j.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (24-10-2023 10:18:13)
Running from C:\Users\adaby\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) (2022-11-29 17:35:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
adaby (S-1-5-21-497818822-1726466583-137005623-1001 - Administrator - Enabled) => C:\Users\adaby
Administrator (S-1-5-21-497818822-1726466583-137005623-500 - Administrator - Disabled)
astro (S-1-5-21-497818822-1726466583-137005623-1007 - Administrator - Enabled) => C:\Users\astro
DefaultAccount (S-1-5-21-497818822-1726466583-137005623-503 - Limited - Disabled)
Guest (S-1-5-21-497818822-1726466583-137005623-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-497818822-1726466583-137005623-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 22.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2200-000001000000}) (Version: 22.00.00.0 - Igor Pavlov)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20360 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.9.6082 - Avast Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.89 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP USB-C Universal Dock (HKLM-x32\...\{98949D53-EC91-4ED0-A330-6E2BAEDFBD4E}_is1) (Version: 1.16.9 - HP)
JBL QuantumENGINE (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\{35cdeb83-57d1-4692-8264-7b93565f24aa}) (Version: 1.6.0.1053 - JBL)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\OneDriveSetup.exe) (Version: 23.209.1008.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Teams) (Version: 1.6.00.28557 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.27002 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.23.207.2018 - Realtek)
R-Link 2 Toolbox (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\{R-Link 2 Toolbox}}_is1) (Version: 2.1.0 - Renault)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\ZoomUMX) (Version: 5.8.3 (1581) - Zoom Video Communications, Inc.)
Packages:
=========
5A894077.McAfeeSecurity -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-09-22] (McAfee LLC.)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-10-20] ()
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-11-26] (Amazon.com)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.40031.0_x64__0a9344xs7nr4m [2022-11-30] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2023-01-03] (Advanced Micro Devices Inc.)
Bakaláři – oficiální aplikace -> C:\Program Files\WindowsApps\40325JJones.Bakali_2.2.16.0_x64__gq7k0ca1wra62 [2023-09-06] (JJones)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2023-09-06] (Priceline Partner Network)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-25] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-10] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-09-10] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-10-16] (HP Inc.)
Fishdom -> C:\Program Files\WindowsApps\PLRWorldwideSales.FishdomPlayrix_7.6.2.0_x64__1feq88045d2v2 [2023-10-18] (Playrix)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.44.301.0_x64__v10z8vjag6ke6 [2023-10-23] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2023-09-05] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.4.0.0_x64__v10z8vjag6ke6 [2023-10-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-09-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6 [2023-09-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.39.0_x64__v10z8vjag6ke6 [2023-10-09] (HP Inc.)
Matchland - Build your Theme Park -> C:\Program Files\WindowsApps\DTeamStudio.Matchland-BuildyourThemePark_1.10.97.0_x64__d1ksdwd7kq768 [2023-09-06] (Plazma)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2310.10002.0_x64__8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe [2023-10-20] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-09-06] (Random Salad Games LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-18] (Microsoft Studios) [MS Ad]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-10-20] (Bytedance Pte. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-10-20] (Twitter Inc.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2341.3.0_x64__cv1g1gvanyjgm [2023-10-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-10-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.27002\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\adaby\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-03-15 09:28 - 2021-03-15 09:28 - 000529408 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\FreespaceDeviceProvider.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000038912 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\quantumcrashhandler.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000633856 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\QuantumDeviceProvider.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f5836eea869011d9f6291cf9b7052643\Interop.IWshRuntimeLibrary.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\2291c400342bb064ac70d3f43f4350d0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\812bfcdb6de89f4e84e286670a1fecae\NAudio.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 003062272 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\42169599bfe84f556899f55e1a8cb8a7\Newtonsoft.Json.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1c57748b3b2fd11cd905689020edb288\log4net.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-497818822-1726466583-137005623-1001 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-09-15] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-09-15] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\sharepoint.com -> hxxps://vos5kvetna-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 06:49 - 2021-03-31 13:26 - 000001058 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.0.113 host.docker.internal
192.168.0.113 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-497818822-1726466583-137005623-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{C6E6CCD2-DD75-459A-B1F5-7410A180A6A3}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{2BB395BA-D3D5-4F3F-8F2B-BC901495D25A}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{77F0CBF1-4B06-45A0-B50F-A850891A7A67}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7B6F6987-95F0-4284-9711-E9B9A999641C}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9D4362AE-2ABB-4D9B-8E8F-0BEB5C8EF341}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C10ADE7E-7947-4309-9EC0-01DF657B6AE5}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C2E30EC-66C5-4F36-ACB0-F2603B960DBB}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FFB944F5-DF9E-4CC8-BFB0-497CCA380B07}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9EB56AB1-C747-4744-B7B1-786736DFFD7D}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{96C30111-05A7-469D-9C05-AF28FF478C8D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8216BE11-1414-4748-B7BD-EC9DA97739AE}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{157FD241-1A84-4661-8A01-C01C2A19FED4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20A467D0-0F33-4D49-9655-157F4BB0387B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5817AFE-73F3-4D0C-A9AA-C2B328D90049}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73836157-818D-4821-8C21-FF9731CFAF1F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39EE5A1B-BDE7-4D38-8886-CB0C30CF38B6}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C97A79EE-A8C4-4A87-A543-F67CCFA0F00D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0464334C-B560-485C-AF8D-26A180B6D119}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDD5AE07-973A-4EBC-8B2D-7CD7E8CFCF92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC6D2244-5819-4D84-8FD3-E9691ACE74E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1320E78D-F186-449F-AB0C-67A87EE56E49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA722CEB-C0F8-4848-8CC3-3B5D79A762F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
17-10-2023 17:24:24 Windows Update
21-10-2023 13:35:41 Windows Update
21-10-2023 13:36:00 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/13/2023 09:39:40 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RA2OT22C)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff6c95c3d4b
ID chybujícího procesu: 0x0x2de8
Čas spuštění chybující aplikace: 0x0x1d9fe0cf926e796
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: f945b71e-4199-44ec-9482-efdd839eb837
Úplný název chybujícího balíčku: MSTeams_23257.2620.2442.7817_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MSTeams.Update
Error: (10/12/2023 04:26:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 12 Oct 2023 14:26:06 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ad12ac44-42e7-4453-a99c-0d4d60f062bb
Metoda: GET(547ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/10/2023 01:31:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 11:31:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 20b95225-4d87-4791-99a6-c6d4c70c7808
Metoda: GET(953ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/18/2023 03:41:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 18 Sep 2023 13:41:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ab6e11b3-27f7-4fbd-9a51-998a71f13840
Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/14/2023 05:09:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 14 Sep 2023 15:09:48 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: c07aa25e-0330-43e0-861f-fd3849df1a3b
Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/05/2023 01:50:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 05 Sep 2023 11:50:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9f19d094-e5b9-4649-b6de-f596df62f055
Metoda: GET(532ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (08/26/2023 05:54:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 26 Aug 2023 15:54:47 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a6d617df-5a0a-4a55-8830-02998edbc426
Metoda: GET(359ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (08/26/2023 05:53:59 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: svchost.exe_AudioEndpointBuilder, verze: 10.0.22621.1, časové razítko: 0x6dc5c2a5
Název chybujícího modulu: ntdll.dll, verze: 10.0.22621.1848, časové razítko: 0x48d14984
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002168d
ID chybujícího procesu: 0x0xd50
Čas spuštění chybující aplikace: 0x0x1d9d835864eaa43
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 422fb50c-11cc-469e-b729-821c302efebb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (10/23/2023 04:44:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/20/2023 09:00:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/18/2023 06:39:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6!AD2F1837.HPSupportAssistant.AppXnh1b2twym8n9380b6n50v24as5w5qk0n.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/17/2023 05:24:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (10/14/2023 05:27:25 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/13/2023 09:39:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21606.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/12/2023 06:20:57 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/12/2023 04:25:29 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 03225747456
CodeIntegrity:
===============
Date: 2023-10-24 09:44:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.52 09/22/2021
Motherboard: HP 8706
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 87%
Total physical RAM: 6064.1 MB
Available physical RAM: 749.57 MB
Total Virtual: 10416.1 MB
Available Virtual: 1775.56 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:374.03 GB) (Model: SAMSUNG MZVLB512HBJQ-000H1) NTFS
\\?\Volume{1ce64d0e-0b30-427d-a88a-b9d232149c29}\ () (Fixed) (Total:0.62 GB) (Free:0.08 GB) NTFS
\\?\Volume{65c2528c-bcb1-4ad5-950d-fb9023a92b2a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 05977A8C)
Partition: GPT.
==================== End of Addition.txt =======================
j.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (24-10-2023 10:18:13)
Running from C:\Users\adaby\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) (2022-11-29 17:35:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
adaby (S-1-5-21-497818822-1726466583-137005623-1001 - Administrator - Enabled) => C:\Users\adaby
Administrator (S-1-5-21-497818822-1726466583-137005623-500 - Administrator - Disabled)
astro (S-1-5-21-497818822-1726466583-137005623-1007 - Administrator - Enabled) => C:\Users\astro
DefaultAccount (S-1-5-21-497818822-1726466583-137005623-503 - Limited - Disabled)
Guest (S-1-5-21-497818822-1726466583-137005623-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-497818822-1726466583-137005623-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 22.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2200-000001000000}) (Version: 22.00.00.0 - Igor Pavlov)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20360 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.9.6082 - Avast Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.89 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP USB-C Universal Dock (HKLM-x32\...\{98949D53-EC91-4ED0-A330-6E2BAEDFBD4E}_is1) (Version: 1.16.9 - HP)
JBL QuantumENGINE (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\{35cdeb83-57d1-4692-8264-7b93565f24aa}) (Version: 1.6.0.1053 - JBL)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\OneDriveSetup.exe) (Version: 23.209.1008.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Teams) (Version: 1.6.00.28557 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.27002 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.23.207.2018 - Realtek)
R-Link 2 Toolbox (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\{R-Link 2 Toolbox}}_is1) (Version: 2.1.0 - Renault)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\ZoomUMX) (Version: 5.8.3 (1581) - Zoom Video Communications, Inc.)
Packages:
=========
5A894077.McAfeeSecurity -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-09-22] (McAfee LLC.)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-10-20] ()
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-11-26] (Amazon.com)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.40031.0_x64__0a9344xs7nr4m [2022-11-30] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2023-01-03] (Advanced Micro Devices Inc.)
Bakaláři – oficiální aplikace -> C:\Program Files\WindowsApps\40325JJones.Bakali_2.2.16.0_x64__gq7k0ca1wra62 [2023-09-06] (JJones)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2023-09-06] (Priceline Partner Network)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-25] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-10] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-09-10] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-10-16] (HP Inc.)
Fishdom -> C:\Program Files\WindowsApps\PLRWorldwideSales.FishdomPlayrix_7.6.2.0_x64__1feq88045d2v2 [2023-10-18] (Playrix)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.44.301.0_x64__v10z8vjag6ke6 [2023-10-23] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2023-09-05] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.4.0.0_x64__v10z8vjag6ke6 [2023-10-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-09-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6 [2023-09-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.39.0_x64__v10z8vjag6ke6 [2023-10-09] (HP Inc.)
Matchland - Build your Theme Park -> C:\Program Files\WindowsApps\DTeamStudio.Matchland-BuildyourThemePark_1.10.97.0_x64__d1ksdwd7kq768 [2023-09-06] (Plazma)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2310.10002.0_x64__8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe [2023-10-20] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-09-06] (Random Salad Games LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-18] (Microsoft Studios) [MS Ad]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-10-20] (Bytedance Pte. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-10-20] (Twitter Inc.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2341.3.0_x64__cv1g1gvanyjgm [2023-10-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-10-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.27002\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\adaby\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-03-15 09:28 - 2021-03-15 09:28 - 000529408 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\FreespaceDeviceProvider.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000038912 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\quantumcrashhandler.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000633856 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\QuantumDeviceProvider.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f5836eea869011d9f6291cf9b7052643\Interop.IWshRuntimeLibrary.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\2291c400342bb064ac70d3f43f4350d0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\812bfcdb6de89f4e84e286670a1fecae\NAudio.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 003062272 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\42169599bfe84f556899f55e1a8cb8a7\Newtonsoft.Json.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1c57748b3b2fd11cd905689020edb288\log4net.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
SearchScopes: HKLM -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-497818822-1726466583-137005623-1001 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-09-15] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-09-15] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\sharepoint.com -> hxxps://vos5kvetna-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 06:49 - 2021-03-31 13:26 - 000001058 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.0.113 host.docker.internal
192.168.0.113 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-497818822-1726466583-137005623-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{C6E6CCD2-DD75-459A-B1F5-7410A180A6A3}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{2BB395BA-D3D5-4F3F-8F2B-BC901495D25A}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{77F0CBF1-4B06-45A0-B50F-A850891A7A67}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7B6F6987-95F0-4284-9711-E9B9A999641C}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9D4362AE-2ABB-4D9B-8E8F-0BEB5C8EF341}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C10ADE7E-7947-4309-9EC0-01DF657B6AE5}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C2E30EC-66C5-4F36-ACB0-F2603B960DBB}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FFB944F5-DF9E-4CC8-BFB0-497CCA380B07}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9EB56AB1-C747-4744-B7B1-786736DFFD7D}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{96C30111-05A7-469D-9C05-AF28FF478C8D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8216BE11-1414-4748-B7BD-EC9DA97739AE}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{157FD241-1A84-4661-8A01-C01C2A19FED4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20A467D0-0F33-4D49-9655-157F4BB0387B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5817AFE-73F3-4D0C-A9AA-C2B328D90049}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73836157-818D-4821-8C21-FF9731CFAF1F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39EE5A1B-BDE7-4D38-8886-CB0C30CF38B6}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C97A79EE-A8C4-4A87-A543-F67CCFA0F00D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0464334C-B560-485C-AF8D-26A180B6D119}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDD5AE07-973A-4EBC-8B2D-7CD7E8CFCF92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC6D2244-5819-4D84-8FD3-E9691ACE74E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1320E78D-F186-449F-AB0C-67A87EE56E49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA722CEB-C0F8-4848-8CC3-3B5D79A762F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
17-10-2023 17:24:24 Windows Update
21-10-2023 13:35:41 Windows Update
21-10-2023 13:36:00 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/13/2023 09:39:40 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RA2OT22C)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff6c95c3d4b
ID chybujícího procesu: 0x0x2de8
Čas spuštění chybující aplikace: 0x0x1d9fe0cf926e796
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: f945b71e-4199-44ec-9482-efdd839eb837
Úplný název chybujícího balíčku: MSTeams_23257.2620.2442.7817_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MSTeams.Update
Error: (10/12/2023 04:26:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 12 Oct 2023 14:26:06 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ad12ac44-42e7-4453-a99c-0d4d60f062bb
Metoda: GET(547ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (10/10/2023 01:31:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 11:31:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 20b95225-4d87-4791-99a6-c6d4c70c7808
Metoda: GET(953ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/18/2023 03:41:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 18 Sep 2023 13:41:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ab6e11b3-27f7-4fbd-9a51-998a71f13840
Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/14/2023 05:09:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 14 Sep 2023 15:09:48 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: c07aa25e-0330-43e0-861f-fd3849df1a3b
Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (09/05/2023 01:50:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 05 Sep 2023 11:50:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9f19d094-e5b9-4649-b6de-f596df62f055
Metoda: GET(532ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (08/26/2023 05:54:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 26 Aug 2023 15:54:47 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a6d617df-5a0a-4a55-8830-02998edbc426
Metoda: GET(359ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (08/26/2023 05:53:59 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: svchost.exe_AudioEndpointBuilder, verze: 10.0.22621.1, časové razítko: 0x6dc5c2a5
Název chybujícího modulu: ntdll.dll, verze: 10.0.22621.1848, časové razítko: 0x48d14984
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002168d
ID chybujícího procesu: 0x0xd50
Čas spuštění chybující aplikace: 0x0x1d9d835864eaa43
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 422fb50c-11cc-469e-b729-821c302efebb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (10/23/2023 04:44:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/20/2023 09:00:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/18/2023 06:39:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6!AD2F1837.HPSupportAssistant.AppXnh1b2twym8n9380b6n50v24as5w5qk0n.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/17/2023 05:24:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (10/14/2023 05:27:25 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/13/2023 09:39:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21606.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/12/2023 06:20:57 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/12/2023 04:25:29 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 03225747456
CodeIntegrity:
===============
Date: 2023-10-24 09:44:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.52 09/22/2021
Motherboard: HP 8706
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 87%
Total physical RAM: 6064.1 MB
Available physical RAM: 749.57 MB
Total Virtual: 10416.1 MB
Available Virtual: 1775.56 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:374.03 GB) (Model: SAMSUNG MZVLB512HBJQ-000H1) NTFS
\\?\Volume{1ce64d0e-0b30-427d-a88a-b9d232149c29}\ () (Fixed) (Total:0.62 GB) (Free:0.08 GB) NTFS
\\?\Volume{65c2528c-bcb1-4ad5-950d-fb9023a92b2a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 05977A8C)
Partition: GPT.
==================== End of Addition.txt =======================
-
Rudy
- Site Admin
- Příspěvky: 118292
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Otevřte poznámkový blok a zkopírujte do něj:
Uložte do C:\Users\adaby\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Dobrý den,
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (27-10-2023 16:16:15) Run:1
Running from C:\Users\adaby\OneDrive\Plocha\FRST
Loaded Profiles: adaby & astro
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19047570 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 13937744 B
Edge => 0 B
Chrome => 3714197835 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 327268 B
NetworkService => 327268 B
adaby => 142617018 B
defaultuser100000 => 142624186 B
astro => 266665791 B
defaultuser100000.LAPTOP-RA2OT22C => 266665791 B
RecycleBin => 4743483861 B
EmptyTemp: => 8.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:21:42 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (27-10-2023 16:16:15) Run:1
Running from C:\Users\adaby\OneDrive\Plocha\FRST
Loaded Profiles: adaby & astro
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19047570 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 13937744 B
Edge => 0 B
Chrome => 3714197835 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 327268 B
NetworkService => 327268 B
adaby => 142617018 B
defaultuser100000 => 142624186 B
astro => 266665791 B
defaultuser100000.LAPTOP-RA2OT22C => 266665791 B
RecycleBin => 4743483861 B
EmptyTemp: => 8.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 16:21:42 ====
-
Rudy
- Site Admin
- Příspěvky: 118292
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Dobrý den, okna s reklamou přestala vyskakovat. Díky moc za pomoc
-
Rudy
- Site Admin
- Příspěvky: 118292
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskujici okna s reklamou a odkazem na ru stranky pro otevreni Chrome
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?