W32.Downdup.B, VBS.Runauto

#1 Post by dandar

Hello, I would like to ask for a review of the log. Norton reports (see subject), but it freezes. Likewise, FRST "gets stuck" during the Memory info scan, but some log was created. Thank you.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Admin (07-05-2021 07:09:48)
Running from C:\Users\Admin\Desktop
Windows 10 Pro Version 2004 19041.928 (X64) (2020-11-02 07:23:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-1522470202-1352138926-4199276785-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1522470202-1352138926-4199276785-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1522470202-1352138926-4199276785-503 - Limited - Disabled)
Guest (S-1-5-21-1522470202-1352138926-4199276785-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1522470202-1352138926-4199276785-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Disabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3012 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3000 - Acer Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Documentation Manager (HKLM\...\{FDDF7EA4-D624-4418-B3C5-1CF6247F844D}) (Version: 21.60.2.1 - Intel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.60.0.4 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{91984066-e894-49de-ac7d-b2ef4fe7b446}) (Version: 21.60.2.1 - Intel Corporation) Hidden
IrfanView 4.53 (64-bit) (HKLM\...\IrfanView64) (Version: 4.53 - Irfan Skiljan)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.3128 - KYOCERA Document Solutions Inc.)
KYOCERA Status Monitor 5 (HKLM\...\{24EE7F6D-C648-463f-9E71-DC5FD2258D17}) (Version: 5.0.62.13 - KYOCERA Document Solutions Inc.)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.4.2 - LG Electronics)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 88.0 (x64 cs) (HKLM\...\Mozilla Firefox 88.0 (x64 cs)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.21.2.50 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7936 - Realtek Semiconductor Corp.)
Tim 9.31.31 (HKLM-x32\...\{44B8FFD5-5D77-44F6-9B19-D459078ABDC5}) (Version: 9.31.31 - Ing. Martin Lenz - HippoSoft)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vision ERP (HKLM\...\Vision ERP_is1) (Version: - Vision Praha s.r.o.)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Xerox Phaser 3435 (HKLM-x32\...\Xerox Phaser 3435) (Version: - )

Packages:
=========
abFiles -> C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4 [2018-08-31] (Acer Incorporated)
abPhoto -> C:\Program Files\WindowsApps\AcerIncorporated.6245439DEEE9E_1.0.10.0_x86__48frkmn4z8aw4 [2018-08-31] (Acer Incorporated)
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-20] (Acer Incorporated)
Acer Portal -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPortal_1.1.9.0_x86__48frkmn4z8aw4 [2018-09-01] (Acer Incorporated)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-09] (Autodesk Inc.)
Booking.com -> C:\Program Files\WindowsApps\Booking.com_1.0.1606.2210_x64__96rgg7pjt343r [2017-11-22] (CN=Acer Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.3.30.0_x86__kgqvnymyfvs32 [2021-03-22] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.192.300.0_x86__kgqvnymyfvs32 [2021-04-30] (king.com)
eBay -> C:\Program Files\WindowsApps\eBay_1.0.1606.2210_x64__96rgg7pjt343r [2017-11-22] (CN=Acer Incorporated)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.12.6.0_x86__q4d96b2w5wcc2 [2021-05-03] (Evernote)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-09] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa [2021-04-29] (Apple Inc.) [Startup Task]
KYOCERA Print Center -> C:\Program Files\WindowsApps\A97ECD55.KYOCERAPrintCenter_2.4.31103.0_x64__kqmhh0ktdt7dg [2020-11-15] (KYOCERA Document Solutions Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22101.0_x64__8wekyb3d8bbwe [2021-04-26] (Microsoft Studios)
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-16] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-20] (Netflix, Inc.)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-08-31] (Plex)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-08-31] (Samsung Electronics Co. Ltd.)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2021-03-01] (WildTangent Games)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-01] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1522470202-1352138926-4199276785-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers4: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\igfxDTCM.dll [2018-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.2.50\buShell.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.2.50\NavShExt.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-06-15 04:36 - 2016-06-15 04:36 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2016-06-15 04:36 - 2016-06-15 04:36 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2020-04-20 07:06 - 2020-04-20 07:06 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2020-04-20 07:06 - 2020-04-20 07:06 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1522470202-1352138926-4199276785-1001 -> DefaultScope {BEFE635F-0D39-4DB6-989D-26AD27FA9366} URL =
SearchScopes: HKU\S-1-5-21-1522470202-1352138926-4199276785-1001 -> {BEFE635F-0D39-4DB6-989D-26AD27FA9366} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Vision32\asa\bin64;C:\Program Files\Vision32\asa\bin32;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EBA5DBD5-8A8F-42DD-A08D-3888A9AE5602}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{1C22CBD7-DF7E-43A8-BE51-37D41C025255}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{CB143E27-8967-48BA-AB79-8CFD03AA9D7F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{9B23DFCD-484F-4DC1-87F0-3DA2BAB9BE24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{196A1B14-BD49-4570-A939-B9CBFBCBDF33}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{6FC567BA-0164-4767-BA6C-03A424912B65}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{79F86C99-416F-46E8-959D-C06B2CBC6384}] => (Allow) C:\Users\Admin\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{1360EDD5-E28A-4F7D-B7E0-747E93B8A02E}] => (Allow) C:\Users\Admin\AppData\Local\Apowersoft\Online Video Converter\Online Video Converter.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{E40CF320-C400-4B5B-99BC-0779B90BF5B4}] => (Allow) C:\Users\Admin\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{DFD104F6-3E4D-40A7-88B3-74076F88F947}] => (Allow) C:\Users\Admin\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{328D9B29-AEC4-4957-8778-62DD44BC9105}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E21D1282-EB22-4FBB-9E82-14527A3B0CC6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5BD586B2-E5EF-40F3-A053-3C7D41E6C0A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3C0A8C3D-B2CD-42D7-B366-05BFEE7B69C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89C6C083-B3EE-4CA3-9F05-98FBB9418108}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2E95C356-F3C2-498B-9FCA-83F37A018BD9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8BD38E8A-C9F5-4E43-954F-CA5ECEBFAD50}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [{5A79AADA-2057-4FE3-A2C5-BFC0D9957844}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6F0120E6-28B7-439A-B83D-60199844B77F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{59A8F503-6459-45DF-8CE8-C1BD6154C93C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B0EEA78-70D1-4B64-9948-4007F8BCEC4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65F4B96C-D640-49BB-9391-326A36056A0A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FEBCEAB0-8C50-498A-B6FA-B809D70FE29F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DE589F6-1D1B-45D6-983A-40AEBEE910AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B06FBED1-8BBC-468E-9E92-0A199E5FE758}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F25D0732-FBFF-44F5-B8E3-A25D41D9B830}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F66C47EE-92EC-46DF-95E5-692626415887}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5FCE96DE-3965-4ABB-BB95-9179859BB650}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{656D1D95-DB37-406C-B2D6-8D47F462A4AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5302AA31-1078-4522-BED5-907917308037}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{416F7306-7631-4618-8BBB-285B1F1A6CFC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{519DDE05-0181-4CEC-90BC-42D742138316}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{360ABC41-3700-4FBC-AB5D-B2351570855E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9719E4FC-E073-46B4-B8B2-85864F3BB551}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{19A4242E-8463-4A5E-BDF7-1508C7F3C54D}] => (Allow) LPort=9422
FirewallRules: [{E00877D0-3872-4E9D-A876-315FB2384D79}] => (Allow) LPort=9245
FirewallRules: [{92A2F723-9523-49BE-AB66-60DABD2C19D0}] => (Allow) LPort=9246
FirewallRules: [{CD05FB5C-7DD7-45E9-B24F-B5B1B5B11129}] => (Allow) LPort=9247
FirewallRules: [{A2BCE7B3-9FA8-4C07-A1DB-DCC9D751BB6C}] => (Allow) LPort=3702
FirewallRules: [{E476C6E2-6268-4FBB-82C1-F00C785A0EFB}] => (Allow) LPort=9244
FirewallRules: [{7871AF74-4C74-4289-B3C1-CE9C2ABD38DF}] => (Allow) LPort=9444
FirewallRules: [{EC7EDF9E-7C44-4577-BF01-E9333935B93A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B51A0516-AE67-47B4-8713-CAF8E338AE71}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A49D178C-2E8A-4D3A-8743-0376E7067841}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-04-2021 06:26:28 Instalační služba modulů systému Windows
26-04-2021 06:44:07 Naplánovaný kontrolní bod
03-05-2021 09:31:13 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/07/2021 07:03:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program NortonSecurity.exe verze 17.2.3.52 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1d14

Čas spuštění: 01d742f96cfff044

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe

ID hlášení: 5f01defe-a8d9-4209-bc71-b6656c4bbb7d

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (04/29/2021 03:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-BHS3FTNJ.local already in use; will try LAPTOP-BHS3FTNJ-2.local instead

Error: (04/29/2021 03:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 LAPTOP-BHS3FTNJ.local. AAAA FE80:0000:0000:0000:1880:D30B:7435:3718

Error: (04/29/2021 03:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:1880:D30B:7435:3718:5353 4 LAPTOP-BHS3FTNJ.local. Addr 192.168.1.111

Error: (04/29/2021 03:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 LAPTOP-BHS3FTNJ.local. AAAA FE80:0000:0000:0000:1880:D30B:7435:3718

Error: (04/29/2021 03:35:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 LAPTOP-BHS3FTNJ.local. AAAA FE80:0000:0000:0000:1880:D30B:7435:3718

Error: (04/24/2021 12:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-BHS3FTNJ.local already in use; will try LAPTOP-BHS3FTNJ-2.local instead

Error: (04/24/2021 12:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 LAPTOP-BHS3FTNJ.local. AAAA FE80:0000:0000:0000:1880:D30B:7435:3718


System errors:
=============
Error: (05/04/2021 08:43:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (05/03/2021 06:52:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (04/29/2021 10:51:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (04/29/2021 08:00:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (04/26/2021 06:41:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): ApplicationSet-9PB2MZ1ZMB1S-AppleInc.iTunes.

Error: (04/26/2021 06:40:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (04/21/2021 06:38:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.

Error: (04/16/2021 07:01:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): KYOCERA Document Solutions Inc. - Printer - 6/6/2013 12:00:00 AM - 10.0.17134.1.


CodeIntegrity:
===============
Date: 2021-05-07 06:31:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.2.50\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.11 08/11/2017
Motherboard: Acer BA40_SL
Processor: Intel(R) Core(TM) i3-6006U CPU @ 2.00GHz
Percentage of memory in use: 83%
Total physical RAM: 3976.91 MB
Available physical RAM: 669.89 MB
Total Virtual: 6152.91 MB
Available Virtual: 2101.43 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:445.9 GB) (Free:382.21 GB) NTFS

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Admin (administrator) on LAPTOP-BHS3FTNJ (Acer Extensa 2540) (07-05-2021 07:07:50)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Platform: Windows 10 Pro Version 2004 19041.928 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\Xerox\PanelMgr\caller64.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(KYOCERA Document Solutions Inc.) [File not signed] C:\Program Files\KDService\bin\KDService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696840 2016-09-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Xerox PanelMgr] => C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe [557056 2009-06-22] () [File not signed]
HKLM\...\Windows x64\Print Processors\hpcpp140: C:\Windows\System32\spool\prtprocs\x64\hpcpp140.DLL [559616 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\SXC2MPC: C:\Windows\System32\spool\prtprocs\x64\sxc2mpc.dll [33792 2008-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW081.DLL [127912 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\Windows\system32\hpmlm190.dll [310512 2016-08-26] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\KX Language Monitor: C:\Windows\system32\KXPLM64.DLL [117312 2018-09-21] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
HKLM\...\Print\Monitors\SXC2M Langmon: C:\Windows\system32\sxc2ml6.dll [22016 2008-01-17] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0378CFC6-1AC8-4F46-A117-F763D942B4AD} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )
Task: {0E28F1EB-4755-4366-9793-A6E45DDD69BD} - System32\Tasks\AmazonAssistantHelper => C:\ProgramData\OEM\Transactional\amazonx@hermes\AmazonX.exe [28464 2018-08-23] (Acer Incorporated -> )
Task: {0FF48911-32C2-49BD-9152-EE70D45B8BA7} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {14FD949E-5F64-4AAC-9539-01D4F43662B8} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-02-22] (Acer Incorporated -> )
Task: {1C420A05-ECB5-45FD-A52A-E8AB57FBCD31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3985328 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D20CD6B-FC32-4BD5-8019-13102B1DF256} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.15.1.8\SymErr.exe
Task: {1E8C1558-F0BA-4079-A52E-B58FFB62878F} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2767664 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {20E70B51-8812-4B91-A9F0-7C77331F4465} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\Admin\AppData\Local\Temp\B48B80E2-A0E4-41F0-932C-865F8131BF7D\ga_service.exe <==== ATTENTION
Task: {244F021F-2794-4A40-8678-19EE9818A9E0} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {27B35985-BA30-45C7-8509-0CDCA81D85EC} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [445744 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {2EFB0596-5DF8-4C00-A6DE-E36BCB7A79E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-18] (Google Inc -> Google Inc.)
Task: {3144FFFB-1C23-4A2E-B08A-F9139297BC38} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)
Task: {33BA9B87-8E52-47F3-AB66-41FCE63096F2} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {353355E8-4195-4CE4-956E-3656AF00ACA5} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.15.1.8\SymErr.exe
Task: {36A58B83-6490-4713-A9EC-0F20E6F74A29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3985328 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {376A4DA5-FFEC-4449-A88D-182DD726BB78} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-15] (Acer Incorporated -> Acer Incorporated)
Task: {41C71506-E2C5-4D01-917E-CE3D6D276FC6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4427A36F-DE51-410B-A9D0-C7A51F64DC00} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe
Task: {47F88A8C-03A5-4232-8A65-5B1E97289AF2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {597E786A-C729-425D-A673-09F23CB9AF72} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5D55002A-314D-44A2-B6E9-2A10532AFB92} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4645168 2017-02-22] (Acer Incorporated -> )
Task: {70244B2A-B4D7-4417-AEFC-3265A2B00EA5} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {72C50986-DC35-4C6A-B1F2-BE24D79BACBB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {83AADD0C-76E7-4807-942A-32C31C77F57E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-02-22] (Acer Incorporated -> )
Task: {8B6A3864-015F-4B83-84ED-98801AC9F8BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CA6B3A8-E62B-409B-87C9-1E96E489AB9A} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2344608 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {9255825F-5742-4F46-B75B-9CB92F7D9989} - System32\Tasks\MonitorAcerPortal => C:\ProgramData\acer\Acer Portal\monitorPortal.exe [32472 2017-06-07] (Acer Incorporated -> )
Task: {9B69251A-9EF4-4682-A256-45347D0BA4F4} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe
Task: {9E63A61A-3FF1-40F7-A2D4-4647B82F2362} - System32\Tasks\PicstreamAgent => C:\Program [Argument = Files (x86)\Acer\AOP Framework\uwplauncher.exe AcerIncorporated.6245439DEEE9E_48frkmn4z8aw4!abPhoto]
Task: {AE6D5F35-F095-4D3B-A08C-086359A5E902} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.15.1.8\SymErr.exe
Task: {B7A1383F-1D78-4FA7-95DD-7C688673FDB2} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {C2466FC8-AD00-4055-913F-D3728ACAEAFA} - System32\Tasks\AcerCloud => C:\ProgramData\acer\Acer Portal\launchPortal.exe [25816 2017-06-07] (Acer Incorporated -> )
Task: {D34973D5-F00F-4EE0-9C2F-48C84BE1451F} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {D36A7CBC-BFEC-4F08-8C29-107B3EE14C25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D5F3BF66-06D3-4396-AFA8-B4BFE78D92AC} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-27] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {D9528001-59F7-46A8-93AE-531CF24CEC96} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.2.50\WSCStub.exe [643584 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {E1BE0946-37B1-49FE-AFC1-8EED7CD91195} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [215856 2017-02-18] (Acer Incorporated -> TODO: <Company name>)
Task: {EB9BD520-0C1D-4D90-9665-976E1787C407} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe
Task: {EEAF2E6A-6A36-4B0C-A0AC-BAEC612FB9F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {F50F14CE-02BF-4ECC-9842-D840AC68957A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-18] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{405655b1-a030-4f2e-a54c-ffd285d7acb4}: [NameServer] 192.168.1.1,8.8.8.8
Tcpip\..\Interfaces\{f3c2666c-e65f-407b-80e5-a367f81d9452}: [DhcpNameServer] 192.168.1.1 185.219.18.250 185.219.16.250

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-07]

FireFox:
========
FF DefaultProfile: luu8yumh.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default [2021-05-07]
FF Homepage: Mozilla\Firefox\Profiles\luu8yumh.default -> www.idnes.cz
FF NetworkProxy: Mozilla\Firefox\Profiles\luu8yumh.default -> type", 1
FF Extension: (Tipli do prohlížeče) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\Extensions\@tipli-do-prohlizece-.xpi [2021-01-28]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2019-01-05]
FF Extension: (No Name) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\luu8yumh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nw3llktd.default [2020-10-04]
FF Homepage: Mozilla\Firefox\Profiles\nw3llktd.default -> www.seznam.cz
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nw3llktd.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2018-08-30]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nw3llktd.default\Extensions\partnerdefaults@mozilla.com [2018-08-30] [Legacy]
FF Extension: (User search study) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nw3llktd.default\Extensions\search-nudges@shield.mozilla.org.xpi [2018-08-30] [Legacy]
FF Plugin-x32: @DVR/npplugin,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin_V2\npPlugin.dll [2016-03-16] () [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-09-07] () [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2021-03-29]
CHR Extension: (Prezentace) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-18]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-18]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-13]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Tabulky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-29]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-1522470202-1352138926-4199276785-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2272472 2017-06-07] (Acer Incorporated -> Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 KDService; C:\Program Files\KDService\bin\KDService.exe [514560 2018-09-21] (KYOCERA Document Solutions Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.2.50\NortonSecurity.exe [343336 2021-03-27] (NortonLifeLock Inc. -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.2.50\nsWscSvc.exe [1054536 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-02-15] (Acer Incorporated -> Acer Incorporated)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [296752 2017-02-21] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20210504.013\BHDrvx64.sys [1995864 2021-03-15] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\ccSetx64.sys [192248 2021-03-27] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-02-02] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-02-14] (Symantec Corporation -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20210506.061\IDSvia64.sys [1488976 2021-04-06] (Symantec Corporation -> Broadcom)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2019-07-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\nsvst.sys [56912 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSP64.SYS [890464 2021-03-27] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSPX64.SYS [50272 2021-03-27] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SYMEFASI64.SYS [2060656 2021-03-27] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SymELAM.sys [25080 2021-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-21] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.9.2.3\SymPlatform\SymEvnt.sys [712368 2020-01-16] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\Ironx64.SYS [316488 2021-03-27] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\symnets.sys [575328 2021-03-27] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\wpCtrlDrv.sys [1013792 2021-03-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-07 07:07 - 2021-05-07 07:08 - 000025764 _____ C:\Users\Admin\Desktop\FRST.txt
2021-05-07 07:07 - 2021-05-07 07:08 - 000000000 ____D C:\FRST
2021-05-07 07:05 - 2021-05-07 07:05 - 002298368 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2021-05-07 06:53 - 2021-05-07 06:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-05-06 13:11 - 2021-05-06 13:33 - 000002130 _____ C:\Users\Admin\Desktop\terimnal-kody_3.csv
2021-05-06 09:13 - 2021-05-06 09:14 - 000000396 _____ C:\Users\Admin\Desktop\terimnal-kody (2).csv
2021-05-05 14:41 - 2021-05-05 14:54 - 000001224 _____ C:\Users\Admin\Desktop\CSV_ANO.xlsx.csv
2021-05-03 06:42 - 2021-05-03 06:42 - 000088389 _____ C:\Users\Admin\Desktop\Test potvrzení.pdf
2021-04-30 18:52 - 2018-09-21 06:06 - 000117312 _____ (KYOCERA Document Solutions Inc.) C:\WINDOWS\system32\KXPLM64.DLL
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\usr
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\Users\Default\AppData\Local\Kyocera
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kyocera
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\ProgramData\KDService
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\Program Files\Kyocera
2021-04-30 11:00 - 2021-04-30 11:00 - 000000000 ____D C:\Program Files\KDService
2021-04-21 17:32 - 2021-04-21 17:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-21 10:50 - 2021-05-05 14:36 - 000008941 _____ C:\Users\Admin\Desktop\CSV_ANO.xlsx
2021-04-21 08:22 - 2021-05-07 06:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-20 12:21 - 2021-04-20 12:48 - 002179506 _____ C:\Users\Admin\Desktop\TP_Jarka.xlsx
2021-04-20 08:52 - 2021-04-20 14:39 - 000000075 _____ C:\Users\Admin\Desktop\Eva.csv
2021-04-20 08:26 - 2021-04-20 08:26 - 000245405 _____ C:\Users\Admin\Desktop\VFA Šroubek.pdf
2021-04-20 08:25 - 2021-04-20 08:25 - 000201062 _____ C:\Users\Admin\Desktop\Dodací list _nový.pdf
2021-04-19 13:00 - 2021-04-19 14:19 - 000000435 _____ C:\Users\Admin\Desktop\Bova.csv
2021-04-19 10:22 - 2021-04-19 10:22 - 000000145 _____ C:\Users\Admin\Desktop\zavit.csv
2021-04-17 09:46 - 2021-04-17 09:58 - 000010706 _____ C:\Users\Admin\Desktop\drevene kuly_tabulka.xlsx
2021-04-16 06:50 - 2021-05-07 06:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-04-16 06:45 - 2021-04-16 06:45 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2021-04-16 06:45 - 2021-04-16 06:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-04-16 06:39 - 2021-04-16 06:39 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 06:38 - 2021-04-16 06:38 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 06:38 - 2021-04-16 06:38 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 10:15 - 2021-04-15 10:15 - 000000374 _____ C:\Users\Admin\Desktop\stitky-2021-04-14-2021-04-14.csv
2021-04-15 10:14 - 2021-04-15 10:14 - 000000334 _____ C:\Users\Admin\Desktop\stitky-maloobchody6-2021-04-14-2021-04-14.csv
2021-04-15 06:39 - 2021-04-15 06:39 - 000186810 _____ C:\Users\Admin\Desktop\Podaci_listek_avizovani_vpis.pdf
2021-04-14 12:08 - 2021-04-14 12:08 - 000060616 _____ C:\Users\Admin\Desktop\reservation_info.pdf
2021-04-08 15:41 - 2021-04-08 15:41 - 000008817 _____ C:\Users\Admin\Desktop\TP.xlsx
2021-04-08 14:22 - 2021-04-08 14:37 - 000012117 _____ C:\Users\Admin\Desktop\Kompletace.xlsx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-07 06:57 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-07 06:32 - 2020-11-02 09:20 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-07 06:32 - 2019-12-07 16:43 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-07 06:32 - 2019-12-07 16:43 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-07 06:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-07 06:30 - 2020-11-02 09:22 - 000003510 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2021-05-07 06:29 - 2019-01-30 07:37 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-07 06:29 - 2018-08-30 12:06 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2021-05-07 06:28 - 2020-11-02 09:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-07 06:28 - 2020-11-02 09:09 - 000573408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-07 06:28 - 2020-11-02 09:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-07 06:28 - 2019-12-07 11:03 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2021-05-07 06:28 - 2017-11-22 01:20 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2021-05-07 06:27 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-07 06:27 - 2017-11-21 23:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-07 06:25 - 2020-11-02 09:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-07 05:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-06 06:24 - 2018-08-30 13:43 - 000001857 _____ C:\Users\Admin\Desktop\Vision.lnk
2021-05-05 15:10 - 2020-11-23 14:06 - 000000000 ____D C:\Users\Admin\Desktop\Bordel
2021-05-05 09:42 - 2018-08-31 14:11 - 000000000 ____D C:\Tim
2021-05-04 17:52 - 2018-08-30 13:47 - 000002298 ____H C:\Users\Admin\Documents\Default.rdp
2021-05-04 17:49 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-05-04 15:04 - 2018-11-01 08:02 - 000000000 ____D C:\Users\Admin\Desktop\Nový zaměstnanec
2021-05-04 10:02 - 2018-08-31 14:08 - 000000000 ____D C:\Scan
2021-05-04 06:59 - 2017-11-21 23:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-03 11:41 - 2021-04-01 14:22 - 000023283 _____ C:\Users\Admin\Desktop\vzor-import-testy.xlsx
2021-05-03 06:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-02 06:50 - 2020-06-03 09:49 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-29 13:16 - 2019-01-18 15:44 - 000000000 ____D C:\Users\Admin\Desktop\Nový zákazník
2021-04-29 06:28 - 2021-01-17 09:58 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1522470202-1352138926-4199276785-1001
2021-04-29 06:28 - 2020-11-02 09:13 - 000002369 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-29 06:28 - 2017-11-22 01:24 - 000000000 ___RD C:\Users\Admin\OneDrive
2021-04-27 05:45 - 2018-09-18 06:45 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 06:34 - 2020-05-15 06:55 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-26 05:30 - 2020-11-30 06:43 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b0e836b11c38
2021-04-26 05:30 - 2020-11-02 09:22 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-23 05:54 - 2020-09-30 08:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 15:35 - 2018-08-30 19:29 - 000000000 ____D C:\Users\Admin\Documents\Práce
2021-04-21 17:32 - 2017-11-21 23:52 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-21 05:05 - 2020-11-02 09:22 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 05:05 - 2020-11-02 09:22 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-16 07:11 - 2018-08-31 07:56 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-16 06:45 - 2018-09-04 05:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-04-16 06:44 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-16 06:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 06:42 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 06:38 - 2020-11-02 09:10 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-16 06:26 - 2018-08-30 14:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 05:45 - 2018-08-30 14:33 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2020-10-27 07:54 - 2020-10-27 07:54 - 000003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

JaRon
Moderator
Posts: 15193
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: W32.Downdup.B, VBS.Runauto

#2 Post by JaRon »

Hi,
restart the PC into safe mode and clean it there with Norton, CCleaner and ADWCleaner - if one of them doesn't work, continue with the next one :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
