
The Russians are attacking

#1 Post by tata22 »

Hello, I'm back again asking for help. Some Russian search engine got into Chrome on my daughter's laptop. I switched it back to Google, but I'd rather remove it completely. Thanks in advance for your help. I'm sending both logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021
Ran by HP (administrator) on LAPTOP-ERLFPQSH (HP OMEN by HP Laptop 15-ce0xx) (19-05-2021 17:26:21)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam8\YouCamService8.exe
(Discord Inc. -> Discord Inc.) C:\Users\HP\AppData\Local\Discord\app-1.0.9001\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_c0309a48bef2b923\x64\OmenCap.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\omen.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki130350.inf_amd64_696b7c6764071b63\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki130350.inf_amd64_696b7c6764071b63\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki130350.inf_amd64_696b7c6764071b63\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki130350.inf_amd64_696b7c6764071b63\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320056 2019-08-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [196824 2021-01-17] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324592 2017-10-31] (HP Inc. -> HP)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [707624 2018-08-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [YouCam Service8] => C:\Program Files (x86)\CyberLink\YouCam8\YouCamService8.exe [405176 2019-02-19] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [287648 2021-04-06] (IDSA Production signing key 2021 -> Intel)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\Run: [Discord] => C:\Users\HP\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKLM\...\Windows x64\Print Processors\Canon TS5000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDF.DLL [30720 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\windows\system32\CNMLMAT.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5000 series: C:\windows\system32\CNMLMDF.DLL [485376 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5000 series XPS: C:\windows\system32\CNMXLMDF.DLL [487424 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-14] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\90.0.9316.94\Installer\chrmstp.exe [2021-05-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-02-19] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-02-19] (CyberLink Corp. -> CyberLink)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DCBF42-D5E7-4A5F-824E-DD60F6680FFA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
Task: {012E5551-17D1-493D-A621-0574F2BB5712} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1362464 2017-03-13] (HP Inc. -> HP Development Company, L.P.)
Task: {0174DF69-9704-4D9F-A482-80676E9EC265} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => cmd /c start hpdiags://BCF
Task: {03F38499-6550-4388-8FC5-255E2FD981BC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => cmd /c start hpdiags://BatteryStatusError
Task: {0D3C603B-F569-4671-A41D-11C73A381F24} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F642BCE-DF55-41F5-AC36-DDF8F5EBDB55} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3985328 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {1616F616-AE0F-4012-88D1-AF523C533394} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {176B33F2-C72E-4D5E-B9C4-2BF98DF7D8EE} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {1CB3460A-1766-4C29-B38E-C6FBDD8454E9} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => cmd /c start hpdiags:
Task: {1FAC0C01-EE99-4883-BD87-3F93A9A80C78} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2043E051-106A-4AF6-8294-FFF07DAB65AA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F2B3C8B-386A-4368-83A9-D5FD618A1EFC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\Scheduler.exe [156696 2021-04-09] (IObit CO., LTD -> IObit)
Task: {3142FA00-F1E4-44AC-A839-B2D5B29D07CE} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => cmd /c start hpdiags://SmartCheckTest
Task: {365B7EED-57BE-4ABA-9F70-C11EA586DCF4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => cmd /c start hpdiags://SmartCheckError
Task: {3E751D32-1D44-4772-9B7B-D6AD00237C84} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => cmd /c start hpdiags://BHM2
Task: {4CE116E9-5138-4460-AE85-F884DBF0BAB3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4DC9D9E2-E9E1-4EDC-9B64-FAE258CB3AE5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {509D28BC-6633-458A-B2FC-818D8BF729A4} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {51DEC868-9098-494E-AC6E-441E26C2B12A} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => cmd /c start hpdiags://BHM1
Task: {5A7C20E7-77A0-49ED-B2F9-FE0FF43B53A9} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6EEE9169-DF5F-4485-9D27-CDE421E7130C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-05] (Google Inc -> Google Inc.)
Task: {73957504-AACC-450A-908D-1A0906E8E477} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7847B0F9-A26C-41EB-92C9-24BF73B9BABC} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-27] (Avast Software s.r.o. -> AVAST Software)
Task: {8C321BF9-D467-429E-BED3-B094912333EC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8CF216D7-7856-434B-A1AA-461E18225E05} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => cmd /c start hpdiags://BatteryStatusTest
Task: {91317FAC-F2FE-4E45-8F2E-7993EA17FF49} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {946C981B-6A09-4C55-9F97-A6A3D6CA7983} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
Task: {966C06F7-8EFE-4EB2-B423-A62D85A043D8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => cmd /c start hpdiags://LaunchUI
Task: {97F90284-E750-466B-9AEF-4EB29984137C} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-27] (Avast Software s.r.o. -> AVAST Software)
Task: {9EFDCC4E-C293-418E-A19D-5CF1DC8CA358} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {9F16E753-BD0A-4918-AA78-3227608368BA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4453B38-7A21-46C0-A75D-37DC64EDF352} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-10-01] (HP Inc. -> HP Inc.)
Task: {A620A932-AC2E-4E3B-B599-3633BE7F23AD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {A6B98208-6D78-42FB-89ED-8BCB78A0D519} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {AE147F94-763B-4F39-8231-B100CC5EBFC5} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
Task: {AE1DF906-A0AD-4EDE-BF2A-EFDB46093C46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B854B20B-AC88-4453-AF4B-65E24FD3297B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B9D46A70-807E-41B6-AC19-EE777B15A05E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-05] (Google Inc -> Google Inc.)
Task: {CAEC7BF0-20D5-4E5E-A2AE-08B37422272F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CE8323FA-88AA-4D50-B01C-E30DB0D9C354} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D39257F9-DD52-4FAE-B8FB-8A6B5C7802D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3985328 2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D3AF6303-C1A7-4358-8DD3-7AB442CC100D} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\AutoUpdate.exe [2285592 2021-04-09] (IObit CO., LTD -> IObit)
Task: {DDBD7AD8-D487-4693-A362-21C7CF570093} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => cmd /c start hpdiags://ABO
Task: {E2F3389D-45E7-4613-B108-A737AB8A5FA2} - System32\Tasks\Driver Booster SkipUAC (HP) => C:\Program Files (x86)\IObit\Driver Booster\8.4.0\DriverBooster.exe [8243224 2021-04-22] (IObit CO., LTD -> IObit)
Task: {E465ED72-FFB7-4152-85E5-F137E473A7B3} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {E60961EC-A7D6-42EB-A9FF-6250E3639EA0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114000 2021-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9103714-3999-4693-B278-70B4CB6C4F23} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F94B8F03-059A-49B7-8CF5-29ED635F0619} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {FD43264D-8607-4E97-8A7B-7D1449285B0B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FFD01BB1-E474-4BED-9646-58254ACEF8A6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{94aa0b46-cd69-40de-a625-84679ced601a}: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{abe4f5a4-93fa-4b96-8a35-cb451d0d1241}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-19]

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-27] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-11-27] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2021-05-19]
CHR Notifications: Default -> hxxps://assassinscreed.ubisoft.com; hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://old.reddit.com; hxxps://webmail.blueboard.cz; hxxps://www.facebook.com; hxxps://www.netflix.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.modnipeklo.cz/
CHR StartupUrls: Default -> "hxxp://search.toggle.com/?lang=en&cid=adfaa7a7","hxxp://www.google.com/","hxxps://www.google.co ... kid=sp-006"
CHR Extension: (Prezentace) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-05]
CHR Extension: (Dokumenty) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-05]
CHR Extension: (Disk Google) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-05]
CHR Extension: (uBlock Origin) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-08]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-12]
CHR Extension: (Convertio) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppjkefeiehhflmgkhdooajgbkkegpcl [2019-10-22]
CHR Extension: (Tabulky) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-05-03]
CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-03-05]
CHR Extension: (Shinigami Eyes) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijcpiojgefnkmcadacmacogglhjdjphj [2021-03-18]
CHR Extension: (New XKit) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2020-05-21] [UpdateUrl:hxxps://new-xkit.github.io/XKit/Extensions/dist/page/FirefoxUpdate.json] <==== ATTENTION
CHR Extension: (HP Network Check Launcher) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2019-10-15]
CHR Extension: (View image) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2021-04-12]
CHR Extension: (Hola ad remover) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfpjdbhpmnhfofkckdpkljeilmogfl [2021-05-19]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2021-05-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-03-25]
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7894040 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [606944 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [1281760 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [356064 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-11-27] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\90.0.9316.94\elevation_service.exe [1396968 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2019-05-06] (BitRaider LLC -> BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-28] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-03-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [12872144 2021-05-19] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2019-12-19] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe [731152 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe [728608 2021-03-24] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_c0309a48bef2b923\x64\OmenCap.exe [688888 2020-12-23] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-11-20] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe [729608 2021-03-24] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe [480280 2021-03-17] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2520376 2020-10-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474240 2020-10-08] (Electronic Arts, Inc. -> Electronic Arts)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [526800 2021-05-19] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17352 2021-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522896 2021-05-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-26] (Avast Software s.r.o. -> AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2019-06-04] (BitRaider -> BitRaider)
R3 clwvd8; C:\WINDOWS\System32\drivers\clwvd8.sys [61056 2018-08-23] (CyberLink Corp. -> CyberLink Corporation)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-05-19] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys [24056 2018-10-22] (HP Inc. -> HP Inc.)
R2 HpPortIo; C:\Windows\System32\drivers\HpPortIox64.sys [49176 2021-05-19] (HP Inc. -> HP Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-03-08] (Martin Malik - REALiX -> REALiX(tm))
R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [70560 2020-10-11] (Realtek Semiconductor Corp. -> Realtek)
R3 ViGEmBus; C:\WINDOWS\System32\DriverStore\FileRepository\vigembus.inf_amd64_e84845c70c38fbe7\x64\ViGEmBus.sys [74648 2018-08-01] (HP Inc. -> Benjamin Höglinger-Stelzer)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-12-17] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-19 17:26 - 2021-05-19 17:27 - 000040451 _____ C:\Users\HP\Desktop\FRST.txt
2021-05-19 17:26 - 2021-05-19 17:26 - 000000000 ____D C:\FRST
2021-05-19 17:24 - 2021-05-19 17:24 - 002299904 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2021-05-19 17:18 - 2021-05-19 17:16 - 002216448 _____ (TODO: <Company name>) C:\WINDOWS\system32\wlanCliDLL.dll
2021-05-19 17:18 - 2021-05-19 17:16 - 000343552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtBWCtrl.dll
2021-05-19 17:18 - 2021-05-19 17:16 - 000126336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtFDrvIOCtrl.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 001304128 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelOverclockingSDK.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000876096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr110.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000795712 _____ C:\WINDOWS\SysWOW64\IccSdk.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000645184 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccess.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000535616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000425024 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\Common.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000391768 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplication.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000212032 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServices.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000154176 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelBenchmarkSDK.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000123488 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuCoreServer.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000086080 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServiceInterfaces.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000081472 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuService.exe
2021-05-19 17:16 - 2021-05-19 17:16 - 000077376 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\ProfileHelperModel.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000075328 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccessInterfaces.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000074336 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\PlatformDetection.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000072768 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuInterface.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000068192 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplicationInterfaces.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000047784 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iocbios2.sys
2021-05-19 17:16 - 2021-05-19 17:16 - 000041144 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ICCWDT.sys
2021-05-19 17:16 - 2021-05-19 17:16 - 000036928 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\PerfTuneAppMutex.dll
2021-05-19 17:16 - 2021-05-19 17:16 - 000029784 _____ ( ) C:\WINDOWS\SysWOW64\Interop.IccProxy.dll
2021-05-19 08:31 - 2021-05-19 08:31 - 000076744 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2021-05-19 08:31 - 2021-05-19 08:31 - 000001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-05-19 08:31 - 2021-05-19 08:31 - 000001066 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-05-19 08:31 - 2021-05-19 08:31 - 000001066 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2021-05-19 08:31 - 2021-05-19 08:31 - 000000000 ____D C:\sh5ldr
2021-05-19 08:31 - 2021-05-19 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-05-19 08:31 - 2021-05-19 08:31 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-05-19 08:31 - 2021-05-19 08:31 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-05-19 08:30 - 2021-05-19 08:30 - 006602192 _____ (EnigmaSoft Limited) C:\Users\HP\Downloads\SpyHunter-Installer.exe
2021-05-14 12:29 - 2021-05-14 12:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-14 12:29 - 2021-05-14 12:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-14 12:29 - 2021-05-14 12:29 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-14 12:29 - 2021-05-14 12:29 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-14 12:29 - 2021-05-14 12:29 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-14 12:29 - 2021-05-14 12:29 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-14 12:29 - 2021-05-14 12:29 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-14 12:29 - 2021-05-14 12:29 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-14 12:29 - 2021-05-14 12:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-14 12:29 - 2021-05-14 12:29 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-14 12:28 - 2021-05-14 12:28 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-14 12:28 - 2021-05-14 12:28 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-14 12:16 - 2021-05-14 12:16 - 000522896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-05-12 11:55 - 2021-05-12 11:55 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-07 19:48 - 2021-05-07 19:48 - 000000222 _____ C:\Users\HP\Desktop\Amazing Cultivation Simulator.url
2021-05-07 17:24 - 2021-05-07 17:24 - 125580994 _____ C:\Users\HP\Downloads\Star.Wars.The.Bad.Batch.S01E02.720p.WEBRip.x265-MiNX[eztv.re].mkv
2021-04-30 16:38 - 2021-04-30 16:38 - 000224674 _____ C:\Users\HP\Downloads\Smlouva o investicnich sluzbach.pdf
2021-04-30 12:44 - 2021-04-30 12:44 - 000295771 _____ C:\Users\HP\Downloads\jízdenka vlak.pdf
2021-04-30 08:21 - 2021-04-30 12:47 - 000000000 ____D C:\Users\HP\Documents\obrázky sken
2021-04-30 08:14 - 2021-04-30 08:16 - 000000000 ___HD C:\ProgramData\CanonIJMIG
2021-04-30 08:14 - 2021-04-30 08:14 - 000000000 ___HD C:\ProgramData\CanonIJScan
2021-04-29 17:13 - 2021-05-11 23:03 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-28 17:27 - 2021-04-28 17:27 - 000576772 _____ C:\Users\HP\Downloads\2021_04_Vacková_Irena_SR_KZ.pdf
2021-04-28 17:27 - 2021-04-28 17:27 - 000565966 _____ C:\Users\HP\Downloads\2021_4_Vacek_Bohuslav_SR_KZ.pdf
2021-04-28 17:26 - 2021-04-28 17:26 - 000576772 _____ C:\Users\HP\Downloads\2021_04_Vacková_SR_KZ.pdf
2021-04-27 20:04 - 2021-04-27 20:04 - 000985308 _____ C:\Users\HP\Downloads\Prezentace - obecná - klient.pptx
2021-04-27 20:03 - 2021-04-27 20:03 - 002218778 _____ C:\Users\HP\Downloads\Prez - návod na vytvoření požadavku - přepis.pptx
2021-04-27 20:03 - 2021-04-27 20:03 - 001638348 _____ C:\Users\HP\Downloads\Prez - návod na vytvoření požadavku - tlumočení.pptx
2021-04-27 20:03 - 2021-04-27 20:03 - 000880117 _____ C:\Users\HP\Downloads\Prezentace - obecná - organizace.pptx
2021-04-27 20:01 - 2021-04-27 20:02 - 002217724 _____ C:\Users\HP\Downloads\Prezentace - návod na vytvoření požadavku - org.pptx
2021-04-26 17:14 - 2021-04-26 17:14 - 000011524 _____ C:\Users\HP\Downloads\ECI(2020)000005-receipt.pdf
2021-04-26 17:10 - 2021-05-19 08:15 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-26 17:10 - 2021-04-26 17:10 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-26 17:10 - 2021-04-26 17:10 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-26 17:10 - 2021-04-26 17:10 - 000017352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-04-26 12:26 - 2021-04-26 12:26 - 026940400 _____ (IObit ) C:\Users\HP\Downloads\driver_booster_setup.exe
2021-04-21 09:28 - 2021-04-21 09:28 - 011607625 _____ C:\Users\HP\Downloads\Rozsudek Josef Tourek 2019.pdf
2021-04-20 08:30 - 2021-04-20 08:30 - 000012327 _____ C:\Users\HP\Downloads\Zaučování Lucka.xlsx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-19 17:25 - 2018-03-08 18:23 - 000000762 _____ C:\Users\HP\Desktop\Stažené soubory.lnk
2021-05-19 17:18 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-19 17:18 - 2018-03-06 19:26 - 000000000 ____D C:\Users\HP\AppData\Roaming\discord
2021-05-19 17:16 - 2021-03-03 18:12 - 000000000 ____D C:\hpswsetup
2021-05-19 17:16 - 2020-10-11 08:47 - 000127624 _____ () C:\WINDOWS\OMENSDK_Ver.exe
2021-05-19 17:16 - 2020-10-11 08:47 - 000049176 _____ (HP Inc.) C:\WINDOWS\system32\Drivers\HpPortIox64.sys
2021-05-19 17:16 - 2017-05-22 04:18 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-19 17:14 - 2018-03-08 18:15 - 000000000 ____D C:\Program Files\CCleaner
2021-05-19 17:14 - 2018-03-06 19:26 - 000000000 ____D C:\Users\HP\AppData\Local\Discord
2021-05-19 17:13 - 2017-05-22 04:56 - 000000000 __SHD C:\Users\HP\IntelGraphicsProfiles
2021-05-19 10:14 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-19 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-19 08:47 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-19 08:44 - 2018-05-15 16:32 - 000000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-19 08:44 - 2018-05-15 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-05-19 08:44 - 2018-05-15 16:32 - 000000000 ____D C:\Program Files\WinRAR
2021-05-19 08:44 - 2018-03-27 20:00 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-05-19 08:44 - 2018-03-27 20:00 - 000000923 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-05-19 08:22 - 2020-10-12 15:00 - 000000000 ____D C:\Users\HP\AppData\Roaming\uTorrent
2021-05-19 08:16 - 2018-03-05 17:49 - 000000000 ____D C:\Users\HP\AppData\Local\CrashDumps
2021-05-17 08:52 - 2020-11-07 12:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-17 08:40 - 2020-06-15 19:04 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-17 08:40 - 2020-06-15 19:04 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-17 08:40 - 2020-06-15 19:04 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-17 08:37 - 2020-11-07 12:25 - 001841550 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-17 08:37 - 2019-12-07 16:41 - 000766654 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-17 08:37 - 2019-12-07 16:41 - 000170398 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-17 08:30 - 2021-02-18 19:58 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-17 08:30 - 2020-11-07 12:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-17 08:30 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-17 08:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-17 08:30 - 2018-03-05 18:48 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-14 15:10 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-14 15:09 - 2020-11-07 12:13 - 000538544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 15:09 - 2017-05-22 03:46 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-14 15:09 - 2017-05-22 03:46 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-05-14 15:08 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-14 12:42 - 2018-03-05 19:08 - 000000000 ____D C:\Program Files (x86)\Steam
2021-05-14 12:31 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-14 12:22 - 2018-03-05 19:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-14 12:20 - 2017-05-22 03:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-14 12:18 - 2018-03-05 19:06 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-14 12:17 - 2018-03-05 18:37 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-14 12:17 - 2018-03-05 18:37 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-14 12:17 - 2018-03-05 18:37 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-11 23:03 - 2021-03-12 13:42 - 000002564 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2021-05-11 23:03 - 2021-03-12 13:42 - 000002550 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2021-05-11 23:03 - 2021-03-12 13:42 - 000002384 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (HP)
2021-05-11 23:03 - 2021-02-09 20:44 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-05-11 23:03 - 2021-02-05 19:04 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:04 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2021-02-05 19:03 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-05-11 23:03 - 2020-11-28 10:38 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b4ef8bfbc006
2021-05-11 23:03 - 2020-11-07 12:21 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-11 23:03 - 2020-11-07 12:21 - 000003462 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-11 23:03 - 2020-11-07 12:21 - 000003400 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-11 23:03 - 2020-11-07 12:21 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-11 23:03 - 2020-11-07 12:21 - 000003238 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-05-11 23:03 - 2020-11-07 12:21 - 000003176 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-11 23:03 - 2020-11-07 12:21 - 000002218 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-05-11 23:03 - 2020-11-07 12:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-05-07 17:56 - 2018-03-27 20:01 - 000000000 ____D C:\Users\HP\AppData\Roaming\vlc
2021-05-07 10:57 - 2019-04-18 15:45 - 000000000 ____D C:\Users\HP\Documents\YouCam
2021-05-05 17:06 - 2020-11-27 20:00 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-05-04 19:11 - 2017-05-22 03:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-02 20:59 - 2021-02-27 16:15 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-04-30 22:01 - 2020-10-01 13:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-30 08:14 - 2021-02-27 16:17 - 000000000 ____D C:\Users\HP\AppData\Roaming\Canon
2021-04-29 20:38 - 2018-03-11 13:27 - 000000000 ____D C:\Users\HP\AppData\Local\Battle.net
2021-04-27 20:07 - 2018-05-24 15:50 - 000000000 ____D C:\Users\HP\AppData\Local\PlaceholderTileLogoFolder
2021-04-26 17:10 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-26 12:27 - 2018-03-08 18:27 - 000000000 ____D C:\ProgramData\ProductData
2021-04-26 12:27 - 2018-03-08 18:26 - 000000000 ____D C:\Users\HP\AppData\Roaming\IObit
2021-04-26 12:27 - 2018-03-08 18:26 - 000000000 ____D C:\ProgramData\IObit
2021-04-23 08:14 - 2020-11-07 12:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-04-21 20:47 - 2018-06-28 14:09 - 000000000 ____D C:\Users\HP\AppData\Local\D3DSCache
2021-04-20 08:31 - 2018-03-07 20:21 - 000000000 ____D C:\Users\HP\AppData\Local\Packages

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: The Russians are attacking

#2 Post by tata22 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by HP (19-05-2021 17:27:48)
Running from C:\Users\HP\Desktop
Windows 10 Home Version 20H2 19042.985 (X64) (2020-11-07 10:21:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2795632099-1143490015-279500104-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2795632099-1143490015-279500104-503 - Limited - Disabled)
Guest (S-1-5-21-2795632099-1143490015-279500104-501 - Limited - Disabled)
HP (S-1-5-21-2795632099-1143490015-279500104-1001 - Administrator - Enabled) => C:\Users\HP
WDAGUtilityAccount (S-1-5-21-2795632099-1143490015-279500104-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 90.0.9316.94 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS5000 series Elektronická příručka (HKLM-x32\...\Canon TS5000 series Elektronická příručka) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.03 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
CyberLink YouCam 8 (HKLM-x32\...\{704F43D3-B221-4379-A878-355DFED0FC2B}) (Version: 8.0.1411.0 - CyberLink Corp.)
Discord (HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DisplayLink Graphics Driver (HKLM\...\{D60A2F8B-FEA3-4C61-AD7F-BCD8EA6C1A13}) (Version: 8.4.3485.0 - DisplayLink Corp.)
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Heroes of Might and Magic IV Gold verze 3.0c (HKLM-x32\...\{67FA88C6-ECC7-45AD-9615-3FB4AFE3E131}_is1) (Version: 3.0c - )
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.16.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.58 - HP)
HP System Event Utility (HKLM-x32\...\{57058272-92B0-4EFA-8FDD-ED3E5D689D37}) (Version: 1.4.32 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{119A6F59-D6D4-4091-A593-019EB9C9300E}) (Version: 1.1.22.1 - HP)
Intel Driver && Support Assistant (HKLM-x32\...\{AA6F2D8D-DB19-4A2F-AF32-701EF96BDB2B}) (Version: 21.2.13.9 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.7.0.1006 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.60.0.4 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{a25ff316-2534-4b53-94fc-80c3deaadbf4}) (Version: 21.2.13.9 - Intel)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{AA90D357-23D3-44C1-954D-7105B0C08F38}) (Version: 17.7.0.1006 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.9 - PandoraTV)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.13929.20372 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.13929.20372 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.85.44831 - Electronic Arts, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.320.170 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.18.526.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10296 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon TS5000 series (HKLM-x32\...\Registrace uživatele zařízení Canon TS5000 series) (Version: - ‭Canon Inc.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.10.10.233 - EnigmaSoft Limited)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 3 Ultimate Collection verze 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 38.2 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{663d577d-5b70-46e2-84fc-17b0d88a4db5}) (Version: 7.0.2417.4248 - Lavasoft)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment)
Zoom (HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-30] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.41.4102.0_x86__ytsefhwckbdv6 [2021-05-07] (G5 Entertainment AB)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2017-05-22] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6 [2021-01-28] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-04-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.7.290.0_x64__v10z8vjag6ke6 [2021-04-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-06] (HP Inc.)
Magnificent Japanese Flora -> C:\Program Files\WindowsApps\Microsoft.MagnificentJapaneseFlora_1.0.0.0_neutral__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-12] (Microsoft Studios) [MS Ad]
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6 [2021-05-19] (HP Inc.) [Startup Task]
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2021-02-11] (Plex)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0 [2021-05-03] (Spotify AB) [Startup Task]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-14] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2795632099-1143490015-279500104-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2795632099-1143490015-279500104-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
CustomCLSID: HKU\S-1-5-21-2795632099-1143490015-279500104-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-26] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-08-07] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki130350.inf_amd64_696b7c6764071b63\igfxDTCM.dll [2018-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-17 13:58 - 2021-03-17 13:58 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-03-08 09:48 - 2021-03-08 09:48 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\f42538764609df3801e3476b67a39c2a\CleanStartController.ni.dll
2021-03-08 09:48 - 2021-03-08 09:48 - 000072704 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\2fc0ed576f78780f7ee9b09f6232fded\NativeInterop.ni.dll
2021-02-27 16:17 - 2015-09-15 17:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2021-02-27 16:19 - 2017-07-05 14:49 - 000593920 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2021-02-27 16:17 - 2015-09-01 19:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2021-02-27 16:17 - 2015-06-17 17:01 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_CSY.DLL
2021-02-27 16:17 - 2015-06-17 17:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2021-02-27 16:17 - 2015-05-26 10:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2021-02-27 16:19 - 2017-07-05 14:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2018-03-09 19:59 - 2012-03-14 06:00 - 000385024 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMAT.DLL
2018-03-09 20:00 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2020-05-12 16:34 - 2020-05-12 16:34 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-03-08 09:48 - 2021-03-08 09:48 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\4b06a391f488eb9b011d39d8026e7604\CommonPortable.ni.dll
2021-04-06 07:56 - 2021-04-06 07:56 - 000129536 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-10-26 12:45 - 2020-09-05 20:29 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2020-10-12 01:02:20&bName=
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
SearchScopes: HKU\S-1-5-21-2795632099-1143490015-279500104-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2019-12-19] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2019-12-19] (HP Inc. -> HP Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2795632099-1143490015-279500104-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2019-01-04 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-05-09 15:48 - 2018-08-29 13:18 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-2795632099-1143490015-279500104-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)
Ethernet: Realtek LightWeight Filter (NDIS6.40) -> nt_rtf64 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4F72E0AC-30A2-4AFB-AC7F-FF7735B276F2}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{5E4B222F-E573-461F-AD70-349A0BDC7263}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{A9286687-381F-4DC8-B4DD-4A519277E8BE}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{CBCE676E-F4C0-416C-9C27-1E33799BC60C}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [UDP Query User{145498F3-CCCE-4917-9473-5A155E06E560}D:\utorrent.exe] => (Allow) D:\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{EC979286-D336-4D78-8F92-254DF4A7CFEC}D:\utorrent.exe] => (Allow) D:\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{DADDF9C2-B93E-430C-8DF6-44DC514B3CA9}] => (Allow) D:\\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{2E6529A1-F2DC-49BE-994E-B3DB9E0212CA}] => (Allow) D:\\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{8C3FDF9E-3853-4A72-886B-07DE88E611DD}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{476FC629-1E5D-4BA3-BEE4-CEB74F9C936F}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [UDP Query User{17DD55A4-8CB5-4B8E-98A6-1D3A63DAE09C}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{3475DE72-6CF9-41DB-89C8-3E5DC1BAF97E}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{6D7264AA-9F65-48BE-88D8-0B8B154CC051}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [TCP Query User{780C1E6E-B180-4DFB-AACE-FBAB993DE94C}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [{6ECF7E8D-4364-4236-BF75-22A925EDE356}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{76336261-6930-41CF-A0E9-A2256DAEDF06}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [UDP Query User{469AE127-15A5-4C9B-8B50-2ABBD759B2BA}D:\steamlibrary\steamapps\common\pathologic\pathologic.exe] => (Allow) D:\steamlibrary\steamapps\common\pathologic\pathologic.exe () [File not signed]
FirewallRules: [TCP Query User{424F8D72-DDCE-49E6-92C1-9E0876FE848D}D:\steamlibrary\steamapps\common\pathologic\pathologic.exe] => (Allow) D:\steamlibrary\steamapps\common\pathologic\pathologic.exe () [File not signed]
FirewallRules: [{CED09CDB-93A5-4CB1-B6B6-EF630AE08F71}] => (Allow) D:\SteamLibrary\steamapps\common\LEGO Lord of the Rings\LEGOLOTR.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{4609FE13-CA14-402F-ADCA-BC2DECB36242}] => (Allow) D:\SteamLibrary\steamapps\common\LEGO Lord of the Rings\LEGOLOTR.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{A285AB5B-C2E8-479A-BD1E-408E350E789B}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe () [File not signed]
FirewallRules: [{3B8E5F6F-566B-4E31-A930-8794F64C393F}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5\bina1\testapp.exe () [File not signed]
FirewallRules: [{2D8581C0-FEE4-49C1-8B60-0C4C6D8B0909}] => (Allow) D:\SteamLibrary\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe (PopCap Games -> )
FirewallRules: [{CD877FFC-CD36-443E-B5FC-0F30CE7D5A97}] => (Allow) D:\SteamLibrary\steamapps\common\Plants Vs Zombies\PlantsVsZombies.exe (PopCap Games -> )
FirewallRules: [{34EED717-1F11-4989-B9CA-7EECFC27FCCD}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe () [File not signed]
FirewallRules: [{8DAC80E9-C545-4D15-9D28-0FC6BD0EAB1B}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe () [File not signed]
FirewallRules: [{FF0378F3-BD46-4AAB-B04A-C96748DAAE5E}] => (Allow) D:\SteamLibrary\steamapps\common\Sherlock Holmes - The Devil's Daughter\Binaries\Win64\Sherlock.exe (FROGWARES IRELAND LIMITED -> Frogwares, Inc.)
FirewallRules: [{06F8BE27-D728-4540-A61C-79AFDBB70948}] => (Allow) D:\SteamLibrary\steamapps\common\Sherlock Holmes - The Devil's Daughter\Binaries\Win64\Sherlock.exe (FROGWARES IRELAND LIMITED -> Frogwares, Inc.)
FirewallRules: [{677EAF05-A8FE-4A88-AAF0-C18FEF75CD10}] => (Allow) D:\SteamLibrary\steamapps\common\Thronebreaker The Witcher Tales\Thronebreaker.exe () [File not signed]
FirewallRules: [{0ED9227B-57B0-4E8B-8717-9FC9DC3C99D3}] => (Allow) D:\SteamLibrary\steamapps\common\Thronebreaker The Witcher Tales\Thronebreaker.exe () [File not signed]
FirewallRules: [{56C956CE-D4B8-45AC-80B1-A75828EFB792}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe () [File not signed]
FirewallRules: [{152EBF8B-5E6B-4E75-B529-BCE1E1D96C67}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe () [File not signed]
FirewallRules: [{9800522D-5774-48B0-8DC3-40C6B96522B8}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{E5B4BFCE-7458-493E-A2D9-B63D7F15777C}] => (Allow) D:\SteamLibrary\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{B205F538-E8D3-41E1-9557-9E582A054323}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{0844EC54-C94D-4626-8A6F-F197B3415B7E}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{53034571-902E-45F6-B353-623085EE645F}] => (Allow) D:\SteamLibrary\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{B98E2AFE-784E-4799-92E3-4B7411C20970}] => (Allow) D:\SteamLibrary\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{7ED4B08C-9C71-4E38-B86E-A039812EBAB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5BF8F2B7-76BB-4379-922A-1BE73E2D8264}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CF5AA3B3-A0BD-4344-BB9F-4CB98F36A6C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C35A7DBC-A8D8-445D-8B1B-16EC3F2AA44E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F69E7DEA-7E0B-4BC1-8202-83E9709E9F14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9DFFCFB8-C0F1-45C7-ADC8-48F67547E19D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{209C54E3-0366-47CF-BF32-9AE930B5C514}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9B364B0C-DE8E-4BD0-B3C8-5B0B4022625B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5F023526-BFB1-4B0F-9D25-20593ADFE346}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CFF29C5F-64C4-475A-9C75-FDE678F8CC96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{19EAB815-6D29-4376-BC16-0E41BBDE7F6D}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{1E89C0AB-76A7-4413-840A-6CCA8CBAC754}] => (Allow) D:\SteamLibrary\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{4316434F-D7C7-41F8-86DC-CECAEF822632}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{CF5AF3DA-B60B-4A69-8A6B-7E0392C36E1C}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{BC53295F-E0C6-4820-B4F1-6FDA77198466}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{32C8685A-7AE9-4E49-ABA6-CA83CF25078B}] => (Allow) D:\SteamLibrary\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{71E6F216-69CE-46DF-811A-023BA99CD94F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5EBA948F-62E5-4600-8F04-0F42EC9AF98C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2759908A-2566-4811-9095-D0592BE06503}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8BB177AA-10AD-456C-B8FD-F5C3831C0F2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D17CB00E-B5EA-43FE-A2AE-FB377584559C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C8E81FD3-423F-4463-AD58-BB04B6AC400B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{C88342E5-A707-484E-AE36-319413F68D00}D:\steamlibrary\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steamlibrary\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{3D8EC27E-D489-4DB5-827C-7BF881DD4035}D:\steamlibrary\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steamlibrary\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [{3C0F6B99-A40D-4C21-A6F0-6921D48C14B0}] => (Allow) D:\SteamLibrary\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [{CFEF298E-0269-4D24-A471-75329578E4CD}] => (Allow) D:\SteamLibrary\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [TCP Query User{58C8CC25-1DD8-4F29-8066-E6B551900436}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2135C44D-FC25-4852-A6CB-F9D7FE79896D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{C19C8597-1909-4AE2-A01D-72C723F2DE90}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{598B8215-F393-44DF-A902-8391E3910CD2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{88C47FDB-07A5-433C-8CC1-D06EF574F5F9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{FB348DD0-3E40-40F6-A00A-D5EEC4943310}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{755BE5CD-9C25-4D69-B603-2C595BC12664}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{820848CF-B312-474E-9004-9F41DEA8464B}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{941E315B-622E-435A-989B-D22399A486FB}D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0463DD3E-FCFB-4B5E-8214-EB98E97CC535}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{779F426A-E49E-4283-A75A-374CFC73A4E8}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{552DAE3E-5C60-4F53-9CB9-05D19D71A9CA}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{A4BBBC9A-E277-427B-B8AD-1429FFB6487F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{A2C0907D-6721-41A3-8257-59665DB91839}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{C77ABF00-A1E1-46DF-BADD-63538C545484}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{598FF019-E76B-47BC-B49F-BB5A40C62D25}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{5FBFF319-5DF6-4713-80DA-A3980A34A0E8}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{C5DF7ABD-B2FF-49E2-9914-5A9C06AC6BB8}] => (Allow) D:\Games\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{E97C7CD4-F45C-43CA-9D65-666384B6EA0D}] => (Allow) D:\Games\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{CA619FAB-94FA-4F1A-8C2E-F7892706161D}] => (Allow) D:\Games\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{D43E2DFD-EE67-4E77-9660-FA1CF79EB521}] => (Allow) D:\Games\Star Wars-The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{246B641B-872C-417B-8195-DAC1B62E8C9F}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{42EB9772-3616-4574-99E3-28382D1D86CD}] => (Allow) D:\SteamLibrary\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{FE99995F-687A-4168-89A3-B907D6F1821C}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{64176130-0080-4300-8B3C-FC27E9B8BFA1}] => (Allow) D:\SteamLibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{CDECE0F7-EFE2-4F2B-AABF-8E764EDC4FFA}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{B674AEED-F92C-40AB-9EA7-4BB96A2901D7}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{85C41A3C-0325-416C-9D18-65351ECF6EB0}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{D0739880-3F17-43C1-98ED-1D1540CCB7FD}D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe] => (Allow) D:\world of warcraft\_classic_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{FD33AB3C-1158-4D16-A896-8637D5736F8B}] => (Allow) D:\SteamLibrary\steamapps\common\Project P\Torment.exe (Overhaul Games™) [File not signed]
FirewallRules: [{2D66B2ED-5DB1-4CD3-84F3-AE7ED9998666}] => (Allow) D:\SteamLibrary\steamapps\common\Project P\Torment.exe (Overhaul Games™) [File not signed]
FirewallRules: [TCP Query User{549F196A-CD1E-434B-8146-BF60CBEB93CC}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{50F630E5-4DA9-4B30-A1F8-BBA009004D3C}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3ED64F09-832B-4918-A691-1B24BF37738B}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{FBD07FE9-0CE5-41A6-A8A0-98628FE5BAE7}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{81F48C21-2828-481D-B45F-86BB8841DF47}] => (Allow) D:\SteamLibrary\steamapps\common\SunlessSea\Sunless Sea.exe () [File not signed]
FirewallRules: [{4531C9CB-3FFA-4969-8964-6BCF6FE96088}] => (Allow) D:\SteamLibrary\steamapps\common\SunlessSea\Sunless Sea.exe () [File not signed]
FirewallRules: [{558BA8CF-F8B8-4211-A318-A8DF92C8B4C2}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{512FFDE8-ADEE-4E59-8D88-00DAA64C8163}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FB165482-9858-419A-B8C8-E3FC8F3267C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A59B0E4-C55E-4320-A81C-D22FC010BC4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{969EE17F-7004-4B56-97AE-0C37728F276A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F806B8DC-3666-4732-B6C0-5B5E59EB8FD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{40CBDE50-6349-462D-AFFA-99D70ACAF3F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B128DFFD-E5D9-489B-9B86-1D28AD6DB912}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD2D4F77-92C9-430A-B0D4-AEF277AE8DCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F91363B0-892B-4C8F-AB71-DBF6E9F1CCBC}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{2C588D73-6FAA-485A-B816-4AFD6557D1EF}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{90D4B7F9-DD2B-48E5-9DB6-8F273E51AA80}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{A736CCD5-1239-427D-A5EF-18F30177897A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{829C0530-CBC9-4F0D-8317-593BFBF8AF45}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{FFE29A17-BE84-4393-BBA5-C54B3F5FD00C}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{D0978B6E-737B-4D6D-8144-BAB6F442E32D}] => (Allow) D:\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{8476163F-9C03-44C4-88A6-FBEC5A0EFBAC}] => (Allow) D:\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{54145119-173F-428A-95A5-A2164DB9EAA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B76088B-6149-48AC-839C-F20C165BC01D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{798484F0-8A80-4323-AEAD-439BE5EC37F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A3329EF-8D91-4CCC-95AA-2DE660ADA38A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{158F670F-97C1-400F-B1E6-C285BBE5CE1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BCF8542C-3883-4511-AFDA-5226EC765844}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE91D2D4-765C-4188-BD50-3EDE74138900}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0A000BCB-B1C9-4260-92B0-3CCA21E5B316}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6E43CB10-BF8F-42AE-A681-F2E29228194B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{038B69B0-ADE3-4127-A00E-E9E2A244C03B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{37CFD992-9610-4691-8447-BE7359E94D86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7E32C181-3655-4FEE-8C7C-B034FA327747}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3EC9E719-F652-4F48-B7A9-66278E29B39F}] => (Allow) D:\SteamLibrary\steamapps\common\AmazingCultivationSimulator\Amazing Cultivation Simulator.exe () [File not signed]
FirewallRules: [{C8385BB2-439B-4E83-8ED8-85CE72566B2C}] => (Allow) D:\SteamLibrary\steamapps\common\AmazingCultivationSimulator\Amazing Cultivation Simulator.exe () [File not signed]
FirewallRules: [{A7FF6DD8-82F8-490B-97AF-1F25A9B8CA30}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8090FF0D-ADCB-486B-82BC-869BB5D0AE97}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{9D8F51A6-7578-4710-8662-109E1B393086}] => (Allow) D:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{17289499-F859-4EC7-A451-019CE98DA908}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\Omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{F5BEB6F8-E777-4133-AFF0-DE3E5B77895F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\Omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{BF1AAB45-8E6F-4660-8E7F-97F0F7831860}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\Omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{B9C2C536-2390-4316-B8AB-686AF29F7EB8}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\StreamerV2\Omen.exe (HP Inc. -> HP Inc)
FirewallRules: [{9CFD19F4-119B-4D40-B9D5-25635979E405}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{C4D52466-CAC2-459A-85E9-B77E43D4CD9B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{BA021717-D3F1-4E71-875F-DDFBB067B679}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{CFB2F22C-4BA5-49D7-902C-F5DC516BBECE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{EBC82A25-C8C1-4D7F-9739-672E9974E30F}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{1BD18853-947E-4E95-B0CB-EA9610BAFE53}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{06B5DE80-A25C-4411-868E-9C284E063FF1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{7A9FC6B5-F884-4A63-8F73-D1EC0F2377C1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D6FBD152-E9BC-482A-9D2B-6EB8D426CE2E}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{608DA347-15CD-4DC0-B742-92A402DA6798}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{34367941-E1B0-4915-BC7A-4CDB09463787}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{018BC804-11A4-4CE3-81F0-F0126149D6F5}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{9F81EFAF-10A4-4969-8FA6-5194919D0FE1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{25C9A862-BA75-44EE-A737-E83B11A0CF1A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\HP.Omen.OmenCommandCenter.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6670935A-37A2-4172-A229-586F1E5CCCE0}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\OmenCommandCenterBackground.exe (HP Inc. -> HP Inc.)
FirewallRules: [{154CF57F-6D9C-42DE-8407-EBE020082893}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_11.5.1.0_x64__v10z8vjag6ke6\win32\OmenCommandCenterBackground.exe (HP Inc. -> HP Inc.)

==================== Restore Points =========================

14-05-2021 12:22:15 Instalační služba modulů systému Windows
14-05-2021 12:23:33 Instalační služba modulů systému Windows
19-05-2021 17:15:30 HPSF Applying updates

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/19/2021 08:16:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HpHwDiag.exe, verze: 1.6.8.0, časové razítko: 0x601066c3
Název chybujícího modulu: WindowsBase.ni.dll, verze: 4.8.4341.0, časové razítko: 0x60230dd6
Kód výjimky: 0xc00000fd
Posun chyby: 0x0000000000160169
ID chybujícího procesu: 0x4f38
Čas spuštění chybující aplikace: 0x01d74c767d78cf3a
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6\HpHwDiag.exe
Cesta k chybujícímu modulu: C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\WindowsBase\053647405075f5df1cebe1ca4e285ef7\WindowsBase.ni.dll
ID zprávy: 7309a8ed-fb02-42cb-a09c-2b5d5465c8d5
Úplný název chybujícího balíčku: AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.8.0_x64__v10z8vjag6ke6
ID aplikace související s chybujícím balíčkem: HPPCHardwareDiagnosticsWindows

Error: (05/17/2021 08:52:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na RECOVERY (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/17/2021 08:52:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/17/2021 08:30:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DSATray.exe, verze: 21.2.13.9, časové razítko: 0x606c82d3
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.964, časové razítko: 0x11253621
Kód výjimky: 0xe0434352
Posun chyby: 0x0012a6e2
ID chybujícího procesu: 0x337c
Čas spuštění chybující aplikace: 0x01d74ae62ae1e745
Cesta k chybující aplikaci: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: b16f56e6-a9e3-41a6-aa13-00e62e43002e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/17/2021 08:30:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DSATray.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Exception
na NotifyIcon.Win32.Error.ThrowAsException()
na NotifyIcon.Win32.NotificationAreaIcon.AddOrModify()
na NotifyIcon.Win32.NotificationAreaIcon.ShowIcon()
na NotifyIcon.Wpf.NotifyIconComponent.ShowIcon()
na DSATray.App.OnStartup(System.Windows.StartupEventArgs)
na System.Windows.Application.<.ctor>b__1_0(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.DispatcherOperation.InvokeImpl()
na System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
na MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Windows.Threading.DispatcherOperation.Invoke()
na System.Windows.Threading.Dispatcher.ProcessQueue()
na System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
na MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
na System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
na System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
na System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
na MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
na MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
na System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
na System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
na System.Windows.Application.RunDispatcher(System.Object)
na System.Windows.Application.RunInternal(System.Windows.Window)
na System.Windows.Application.Run(System.Windows.Window)
na DSATray.App.Main()

Error: (05/14/2021 03:10:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/14/2021 03:10:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/14/2021 03:10:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (05/19/2021 05:18:17 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Rozhraní TCP/IP IPv4 s indexem 3 nedokázalo vytvořit vazbu na svého poskytovatele.

Error: (05/19/2021 05:18:17 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Rozhraní TCP/IP IPv6 s indexem 3 nedokázalo vytvořit vazbu na svého poskytovatele.

Error: (05/19/2021 05:18:13 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Rozhraní TCP/IP IPv4 s indexem 3 nedokázalo vytvořit vazbu na svého poskytovatele.

Error: (05/19/2021 05:18:13 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: Rozhraní TCP/IP IPv6 s indexem 3 nedokázalo vytvořit vazbu na svého poskytovatele.

Error: (05/19/2021 05:16:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Omen HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (05/19/2021 05:14:01 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-ERLFPQSH)
Description: Nelze spustit server DCOM: Microsoft.AAD.BrokerPlugin_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (05/19/2021 05:14:01 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-ERLFPQSH)
Description: Nelze spustit server DCOM: Microsoft.AAD.BrokerPlugin_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (05/19/2021 10:14:50 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-ERLFPQSH)
Description: Nelze spustit server DCOM: Microsoft.AAD.BrokerPlugin_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\WINDOWS\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider


CodeIntegrity:
===============
Date: 2021-05-19 17:23:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-05-19 17:23:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F.19 04/18/2019
Motherboard: HP 838F
Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 64%
Total physical RAM: 8070.9 MB
Available physical RAM: 2889.95 MB
Total Virtual: 14214.9 MB
Available Virtual: 6922.11 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.24 GB) (Free:23.16 GB) NTFS
Drive d: (DATA) (Fixed) (Total:918.29 GB) (Free:384.09 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:13.22 GB) (Free:1.37 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{01ce6ee0-8343-483f-86ab-1e2e08540dff}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{7ae2c82f-d80e-4c48-a484-e3e6d80b88eb}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#3 Post by JaRon »

Hi
Clean the PC with AdwCleaner and post the log here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#4 Post by tata22 »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-19-2021
# Duration: 00:00:20
# OS: Windows 10 Home
# Cleaned: 68
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\HP\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\HP\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\HP\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2B3C8B-386A-4368-83A9-D5FD618A1EFC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{663d577d-5b70-46e2-84fc-17b0d88a4db5}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{663d577d-5b70-46e2-84fc-17b0d88a4db5}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{663d577d-5b70-46e2-84fc-17b0d88a4db5}|UninstallString
Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509D28BC-6633-458A-B2FC-818D8BF729A4}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForHP
Deleted Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HP\HP COOLSENSE
Deleted Preinstalled.HPCoolSense Folder C:\Users\HP\AppData\Local\HP\HP COOLSENSE
Deleted Preinstalled.HPCoolSense Folder C:\Windows\System32\Tasks\HP\HP COOLSENSE
Deleted Preinstalled.HPCoolSense Registry HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted Preinstalled.HPJumpStartBridge Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{176B33F2-C72E-4D5E-B9C4-2BF98DF7D8EE}
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}
Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\HP\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\HP\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files (x86)\HP INC\HP SURE CONNECT
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1437 octets] - [09/12/2018 19:08:01]
AdwCleaner[C00].txt - [1585 octets] - [09/12/2018 19:08:15]
AdwCleaner[S01].txt - [8878 octets] - [19/05/2021 17:54:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#5 Post by JaRon »

The unnecessary junk has been deleted; if there are no problems, then we're done
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#6 Post by tata22 »

But this search engine still remains in Chrome even though I turned it off. It can't be removed, though... Do you know how to get rid of it?

Poshukach Engin Search (Předvolba)
poshukach engin search
https://poshukach.com/search?q=%s&fr=ps ... &altserp=1

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#7 Post by JaRon »

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#8 Post by tata22 »

I'm writing from a different PC. I ran the recommended program ZOEC and after a long scan an Avast window suddenly popped up saying that some program was trying to obtain my Avast login credentials. So I blocked it. Is it possible that it was ZOEC?

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#9 Post by tata22 »

ZOEK, I apologize

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#10 Post by JaRon »

If you look at the link below, it happens that the AV doesn't like zoek
Turn off the antivirus before running zoek
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#11 Post by tata22 »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by HP on st 19. 05. 2021 at 19:50:15,83.
Microsoft Windows 10 Home 10.0.19042 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\HP\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2021-05-19-165823.log 114868 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\HP\AppData\Local\CrashDumps deleted successfully
C:\Users\HP\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\HP\AppData\Roaming\discord\Cookies" not deleted
"C:\Users\HP\AppData\Roaming\discord\Cookies-journal" not deleted
"C:\Users\HP\AppData\Roaming\discord\lockfile" not deleted
"C:\Users\HP\AppData\Roaming\discord\Cache\data_0" deleted
"C:\Users\HP\AppData\Roaming\discord\Cache\data_1" deleted
"C:\Users\HP\AppData\Roaming\discord\Cache\data_2" deleted
"C:\Users\HP\AppData\Roaming\discord\Cache\data_3" deleted
"C:\Users\HP\AppData\Roaming\discord\Cache\index" deleted
"C:\Users\HP\AppData\Roaming\discord\Dictionaries\cs-CZ-3-0.bdic" not deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache\data_0" deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache\data_1" deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache\data_2" deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache\data_3" deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache\index" deleted
"C:\Users\HP\AppData\Roaming\discord\Session Storage\000003.log" not deleted
"C:\Users\HP\AppData\Roaming\discord\Session Storage\LOCK" not deleted
"C:\Users\HP\AppData\Roaming\discord\Session Storage\LOG" not deleted
"C:\Users\HP\AppData\Roaming\discord\Session Storage\MANIFEST-000001" not deleted
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\000003.log" not deleted
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\LOCK" not deleted
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\LOG" not deleted
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\MANIFEST-000001" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\000003.log" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\LOCK" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\LOG" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\000003.log" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\LOCK" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\LOG" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\MANIFEST-000001" not deleted
"C:\Users\HP\AppData\Roaming\discord" not deleted
"C:\Users\HP\AppData\Roaming\discord\Cache" not deleted
"C:\Users\HP\AppData\Roaming\discord\Dictionaries" not deleted
"C:\Users\HP\AppData\Roaming\discord\GPUCache" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage" not deleted
"C:\Users\HP\AppData\Roaming\discord\Session Storage" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db" not deleted
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats" not deleted
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb" not deleted
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata" not deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
jkfpchpiljkaemlpmpebnglgkomamfeo - No path found[]

Chrome Media Router - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... TR&pc=HCTE"

==== Reset Google Chrome ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7245 folders=1978 1023285649 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\HP\AppData\Local\AVAST Software\APM\HPFfl2.dat" not found
"C:\Users\HP\AppData\Local\AVAST Software\APM\HP\kv_pam.db" not found
"C:\DumpStack.log.tmp" not deleted
"C:\Users\HP\AppData\Roaming\discord\Cookies" not found
"C:\Users\HP\AppData\Roaming\discord\Cookies-journal" not found
"C:\Users\HP\AppData\Roaming\discord\lockfile" not found
"C:\Users\HP\AppData\Roaming\discord\Dictionaries\cs-CZ-3-0.bdic" not found
"C:\Users\HP\AppData\Roaming\discord\Session Storage\000003.log" not found
"C:\Users\HP\AppData\Roaming\discord\Session Storage\LOCK" not found
"C:\Users\HP\AppData\Roaming\discord\Session Storage\LOG" not found
"C:\Users\HP\AppData\Roaming\discord\Session Storage\MANIFEST-000001" not found
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\000003.log" not found
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\LOCK" not found
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\LOG" not found
"C:\Users\HP\AppData\Roaming\discord\VideoDecodeStats\MANIFEST-000001" not found
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\000003.log" not found
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\LOCK" not found
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\LOG" not found
"C:\Users\HP\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001" not found
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\000003.log" not found
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\LOCK" not found
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\LOG" not found
"C:\Users\HP\AppData\Roaming\discord\shared_proto_db\metadata\MANIFEST-000001" not found
"C:\Users\HP\AppData\Local\AVAST Software" not found
"C:\Users\HP\AppData\Roaming\discord" not found

==== EOF on st 19. 05. 2021 at 20:08:56,40 ======================

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#12 Post by JaRon »

You can also use junkware from the link
Then restart and write whether there is any problem?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#13 Post by tata22 »

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by HP (Administrator) on st 19. 05. 2021 at 20:37:21,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (HP) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Update (Task)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 19. 05. 2021 at 20:40:39,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

tata22
Visitor
Posts: 197
Registered: 11 Oct 2004 08:14
Location: Č.Budějovice

Re: Russians are attacking

#14 Post by tata22 »

So hopefully everything is OK. Thank you for the help

JaRon
Moderator
Posts: 15192
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russians are attacking

#15 Post by JaRon »

You're welcome
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
