
CPU at 100%

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

qwert29
Visitor
Posts: 10
Registered: 11 Dec 2021 09:57

CPU at 100%

#1 Post by qwert29 »

Greetings in advance and have a nice day,
a friend brought me her laptop to check because it overheats when plugged into the charger. My first off-the-cuff guess was that the charger was at fault, but after taking a look I have changed my mind and am moving into the software area.
Findings: even though no window is open, Chrome is using over 80% of the CPU (a check in Chrome -> Task Manager shows no load). The second process that pushes the CPU to 100% is Windows Explorer, which also takes up almost 4 GB of memory. When I look in System -> Update & Security -> Windows Security, I should see the status of virus protection and so on, but there is only an empty window. After inserting a flash drive into USB, the drive is always unreadable and some shortcuts are created on it. Could you please look at the logs and advise what problem (virus) might be there? For now I don't want to reinstall the notebook, so that they don't lose the data they have on it.
Thank you

qwert29
Visitor
Posts: 10
Registered: 11 Dec 2021 09:57

Re: CPU at 100%

#2 Post by qwert29 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2021
Ran by Uživatel (11-12-2021 09:56:07)
Running from C:\Users\Uživatel\Desktop\FRST
Microsoft Windows 10 Home Version 20H2 19042.1288 (X64) (2021-07-10 09:01:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3467691670-3120493318-3463764219-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3467691670-3120493318-3463764219-503 - Limited - Disabled)
Guest (S-1-5-21-3467691670-3120493318-3463764219-501 - Limited - Disabled)
Uživatel (S-1-5-21-3467691670-3120493318-3463764219-1001 - Administrator - Enabled) => C:\Users\Uživatel
WDAGUtilityAccount (S-1-5-21-3467691670-3120493318-3463764219-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: - Ubisoft)
Discord (HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.93 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1908.12.0.1231 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.0.1000 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1841.2 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Java 8 Update 192 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180192F0}) (Version: 8.0.1920.12 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.14701.20226 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 462.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.80 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 82.0.4227.23 (HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Opera 82.0.4227.23) (Version: 82.0.4227.23 - Opera Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.32.1206.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher2.8) (Version: 2.8 - TLauncher Inc.)
Twitch (HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 123.1.10526 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{3800CCFC-4006-4B30-A103-416AF26A885C}) (Version: 2.71.0.0 - Microsoft Corporation)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.656 - McAfee, LLC)
Windows Manager (HKLM-x32\...\{C845414C-903C-4218-9DE7-132AB97FDF62}) (Version: 1.0.0 - AW Manager) <==== ATTENTION
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
Asphalt 9: Legends -> C:\Program Files\WindowsApps\A278AB0D.Asphalt9_3.1.300.2_x86__h6adky7gbf63m [2021-09-22] (Gameloft SE)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2021-11-02] (Dropbox Inc.)
ELAN Touchpad Setting -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadSetting_11.2.63.0_x64__stws0m115j6hg [2021-11-02] (ELAN Microelectronics Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-11-02] (HP Inc.)
HP CoolSense -> C:\Program Files\WindowsApps\ad2f1837.hpcoolsense_1.0.6.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-10-15] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-11-02] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.1.257.0_x64__v10z8vjag6ke6 [2021-11-03] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.9.58.0_x64__v10z8vjag6ke6 [2021-10-07] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6 [2021-08-04] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-07-10] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2021-07-10] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy [2021-11-03] (McAfee LLC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-03] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-09-20] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-11-03] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-30] (Spotify AB) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.1.0_neutral__6yccndn6064se [2021-10-20] (Bytedance Pte. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Sngiv\Tczqael\3890E156"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Sngiv\Tczqael\3890E156"

==================== Loaded Modules (Whitelisted) =============

2021-10-30 19:10 - 2021-08-12 02:24 - 003982848 _____ () [File not signed] C:\Program Files (x86)\WbwLdFBvPzv\WbwLdFBvPzv.dll
2021-07-08 12:07 - 2021-07-08 12:07 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\e_sqlite3.dll
2021-10-18 17:49 - 2021-10-18 17:49 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\773f79b291d5dc6961a0eb96212f7555\Interop.IWshRuntimeLibrary.ni.dll
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ () <==== ATTENTION [zero byte File/Folder] \\?\C:\Users\Uživatel\AppData\Roaming\Java\jre8\bin\java.exe:jll
2021-10-18 17:48 - 2021-10-18 17:48 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\271a13bbd689b8a9d526976f6dc14005\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-10-15 22:37 - 2020-10-15 22:37 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2021-10-18 17:49 - 2021-10-18 17:49 - 001591808 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\96e7e3144746aabd9f83b918359420a4\NAudio.ni.dll
2021-09-15 20:02 - 2021-09-15 20:03 - 016744448 _____ (McAfee LLC) [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.dll
2021-10-18 17:49 - 2021-10-18 17:49 - 003127808 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\724ad261ce2b4e6709b2189ed6c9706a\Newtonsoft.Json.ni.dll
2021-10-18 17:48 - 2021-10-18 17:48 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\080b5521fcdbb4c7192f671464274f9b\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {C2070E25-5216-4F10-A77A-8C8E1F02504D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {C2070E25-5216-4F10-A77A-8C8E1F02504D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3467691670-3120493318-3463764219-1001 -> {C2070E25-5216-4F10-A77A-8C8E1F02504D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-12-11] (McAfee, LLC -> McAfee, LLC)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-10-15] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_192\bin\ssv.dll [2021-07-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-12-11] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_192\bin\jp2ssv.dll [2021-07-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-10-15] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2021-10-30 18:50 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Uživatel\Desktop\Obrázky\paralel.jpg
DNS Servers: 82.144.128.1 - 82.144.129.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0A1A1B75-0E49-4C9B-B971-D47FAB5F7BD5}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe => No File
FirewallRules: [TCP Query User{906E269C-C02B-4470-B07D-F98498C90984}C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe => No File
FirewallRules: [UDP Query User{4F791E24-25BA-4D2B-B0A8-73B009A473AB}C:\users\uživatel\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{EEE33079-65E3-484C-B0F5-D2EF9E87F3B1}C:\users\uživatel\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [{3BAA3B71-07F3-48DC-9478-658B642BCFBE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8A856F24-5FB7-4BDA-9563-40EF77FF850F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{64BAFE98-F961-41DF-A274-9E01A47D47C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5775446B-50A7-4776-A6ED-0F845633262F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{35482520-82A3-415E-B013-8813D1FA5BAA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{A605C1E6-D99E-4EAE-A89A-525263F93830}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{503F6E75-8837-4571-A731-CA870E126F35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5A9CD244-811E-4B8B-A5D9-0BCE826E8552}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62159206-0309-4167-B6AC-01C9E13CA506}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5AB0B8FF-B9DB-4B33-869A-69DE63E35C5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C1F7EE53-E157-4839-A4C8-1DDB45B03BBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DE6B34CD-40A2-45BA-8609-7A4B3C96DB38}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{0500B7E7-3293-448A-9705-DD5E995B20E0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{FB477D02-FA96-4A5D-87F2-E1D23457534B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{58F37886-785C-497E-B1DA-A627B41AD7DF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{C70C1687-9780-4EF9-8C8B-6118F427532E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{35EAB324-8641-4E97-B519-19AC44B8F195}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{C9638A15-95D2-4815-A848-6D618D0933E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{3E0019D4-5102-4B8C-8CAC-E4CF971FDA98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{DEC49194-8524-49B4-8EEA-669C5D5BA76E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{B7C8739D-3F70-4C66-81CA-4595C81B1BFD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [TCP Query User{A8285551-6F1A-430C-A0DF-9BCCCE48ED87}C:\users\uživatel\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{914616AD-B9AB-4380-82FD-E1EAF8110C94}C:\users\uživatel\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{B302C8FF-B422-42F0-8BA4-3707F629D0BF}C:\users\uživatel\desktop\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\users\uživatel\desktop\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [UDP Query User{B64FDAD1-FFE8-4162-9D7E-1842618DB8A1}C:\users\uživatel\desktop\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\users\uživatel\desktop\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [TCP Query User{8AA7A296-8BFF-451D-88A6-2D3A4B009877}C:\users\uživatel\desktop\soubory\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Block) C:\users\uživatel\desktop\soubory\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [UDP Query User{001C8EDF-089F-4F62-A100-52EDC5D6BDAA}C:\users\uživatel\desktop\soubory\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe] => (Block) C:\users\uživatel\desktop\soubory\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe => No File
FirewallRules: [{CBF2B89C-5C4F-48DB-B78E-7248E82C4328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{E4FB2D17-B06B-4104-97C2-C749C99D5E70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{AB89FC88-9281-4F8E-8A5D-3E37D5DF116F}] => (Allow) C:\Users\Uživatel\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{8C068DAC-C434-4DA3-905E-D4BD39D3A286}] => (Allow) C:\Users\Uživatel\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{CBCBF98C-9726-4690-AA92-0898DABAF164}C:\program files (x86)\java\jre1.8.0_192\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_192\bin\javaw.exe
FirewallRules: [UDP Query User{830F58AC-7DB5-4543-ADD2-5E3960A44B07}C:\program files (x86)\java\jre1.8.0_192\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_192\bin\javaw.exe
FirewallRules: [TCP Query User{0A3B807A-AE21-4E8E-BCCE-FFB35AEC08C9}C:\users\uživatel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\uživatel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{70D6A45A-9925-4BBB-9BEF-A8AE8335435C}C:\users\uživatel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\uživatel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{565A0B08-A646-4D37-A6AB-18FB714D0414}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{E5F82193-7B0D-4809-91E5-5D814D6D0F68}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{7E317440-08D8-4C24-A8D7-344924D56F86}C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{31E5B129-E601-4D34-9760-8E6001D8C6AD}C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe] => (Allow) C:\program files (x86)\r.g. mechanics\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{68E22774-F7BA-4C94-8A29-22F3634C53E2}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{7CF94435-8E30-4D18-B101-56083C636BB0}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{F7ABB8E2-A27D-45D1-BDC1-3F63B2946246}C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{1AEB06AD-DF4A-44AA-9053-7031A8E1E4B8}C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{03AC6F43-E0BF-455A-BCC1-7021E5E85C63}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{3B8885BF-8057-47A4-959C-76437345BECF}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{A9F910E6-7CEC-46E9-A63C-F349258B6334}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{0F0EF59F-5660-4B1F-A3B7-51915FEC4C94}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Block) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{C734860E-F5CE-4D91-A206-58C070AA713F}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{571E6590-360A-410B-873D-CD6824CDFCD9}C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [TCP Query User{B393CB6D-0BFE-42EC-9C70-57C21BC8B6FF}C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{924BE486-02C6-4736-8C96-706ADF78A6F8}C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe] => (Allow) C:\games\painkiller - hell and damnation\binaries\win32\pkhdgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{5869C895-EE7E-4C04-A99F-3FFB644BDEE1}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{DBEA692F-8D30-4844-83B9-616A6FD00007}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{BB05DC06-7B85-49B4-B6B3-F0F8207DE057}C:\users\uživatel\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\uživatel\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{E1B6FEB4-88BC-4967-95A6-17A8C4BE4B6A}C:\users\uživatel\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\uživatel\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{B78C5DFB-3DCB-4FCC-A85A-C8F243E48995}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{F646CC94-BE64-4953-952E-1B2E791B30F7}C:\users\uživatel\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\uživatel\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B2AFF02B-7615-4F69-BCCD-E77126ECFE32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{50837CD8-99A4-48FE-B4C5-9C1AF130FA24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{3D120196-7F3E-486E-A59D-54BD2ED823EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{310F9627-2DDD-4A05-B3DA-169654A3E387}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{8BA95578-AD34-4A5D-B57F-D09AD47ED3C8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13A6B68D-2BAA-4426-8E06-1F46A9599673}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37716289-4634-4468-95BD-FB004F574FEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC7BDBC4-9024-4C38-A6FE-B635464415C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81AFC713-EE56-482B-90CF-0BD52EED924E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C9B0EF8-1B92-4532-BFAE-7D50AD8513FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB19A220-8AF0-40A7-B51F-FEB0C3E9B1AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3059361C-2D39-4511-85D3-DF06236357D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8B6EBD7B-A1AD-468B-814E-5B87E2CF1048}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ED95DFD6-4A53-4895-BA40-499ED41DC00F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3DC790C6-EF29-42A3-A83D-061E730FB9E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87E04F20-B274-48CC-80A3-C2F01BEEA46B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF0840F5-39B8-49E9-9002-A40AAD7595EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F00C6598-2718-4426-8417-6B4244BBCF87}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8F6B3FF7-A29A-41F8-A8CF-8B39D5FB359D}] => (Allow) C:\Users\Uživatel\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2C226215-FD8B-4F37-86E1-5D6C8303E213}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3C34493-2113-4EF1-93DD-B1510E5193CC}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B805BD85-4A01-46BF-B867-1350511471F1}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B8093D85-D6C8-473C-9EB0-1AD47BC8AB03}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D43D5C0C-7943-4CB9-95C6-AE57AF9DD268}] => (Allow) C:\Users\Uživatel\AppData\Local\Programs\Opera\82.0.4227.23\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

12-11-2021 20:11:46 Naplánovaný kontrolní bod
13-11-2021 21:41:57 Removed Ghostscript GPL 8.64 (Msi Setup).
24-11-2021 00:28:14 Naplánovaný kontrolní bod
26-11-2021 21:59:15 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334
03-12-2021 23:35:14 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2021 09:10:39 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/04/2021 02:58:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program YourPhone.exe verze 1.21084.79.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 7f0

Čas spuštění: 01d7e916f9468195

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21084.79.0_x64__8wekyb3d8bbwe\YourPhone.exe

ID hlášení: 8a889dd6-2b79-4497-9327-5dba01e3c19c

Úplný název balíčku s chybou: Microsoft.YourPhone_1.21084.79.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (12/04/2021 09:01:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000004f11922
ID chybujícího procesu: 0x5900
Čas spuštění chybující aplikace: 0x01d7e8e512e1e4bb
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 4c2867b9-b67e-4c98-a8d9-a912b22834e1
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/04/2021 09:00:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000003f4b922
ID chybujícího procesu: 0x44a4
Čas spuštění chybující aplikace: 0x01d7e8e508104607
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: ea44599d-de9b-43d4-bb6f-ba58a5b93f0c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/04/2021 09:00:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000ad7b922
ID chybujícího procesu: 0x3014
Čas spuštění chybující aplikace: 0x01d7e8e4fd78d692
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: fb7e063e-ede5-414e-9cd0-61c56fefabe4
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/04/2021 09:00:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000a741922
ID chybujícího procesu: 0x3bd8
Čas spuštění chybující aplikace: 0x01d7e8e4e6a5ce14
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3da3a85e-7904-497d-8626-465919d14656
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/04/2021 08:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000425d922
ID chybujícího procesu: 0x21dc
Čas spuštění chybující aplikace: 0x01d7e8e4dc1e64c6
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 8dedeba6-ddc6-4117-890e-0f470b730d02
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/04/2021 08:59:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.1266, časové razítko: 0x418a6e83
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000012e62922
ID chybujícího procesu: 0x64c
Čas spuštění chybující aplikace: 0x01d7e8e4d3295ed0
Cesta k chybující aplikaci: C:\WINDOWS\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 600c08cf-0afc-4457-8056-f30b869b2de3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (12/04/2021 12:18:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba luafv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (12/04/2021 09:01:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba luafv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (12/04/2021 08:03:42 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (11/28/2021 09:36:04 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (11/26/2021 09:20:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba luafv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (11/26/2021 09:20:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:51:19, 26.11.2021) bylo neočekávané.

Error: (11/25/2021 11:20:49 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QFNVLENH)
Description: Server AD2F1837.HPCoolSense_1.0.6.0_x64__v10z8vjag6ke6!App.AppXq8hvnsntermzaxzakkfb4vnctshkarpe.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/23/2021 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QFNVLENH)
Description: Server Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXpa8c6rgd3yzmnwb7kznbz0y2c2tmedk3.mca se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-07-31 13:18:19
Description:
Okno nemůže zpracovat poslanou zprávu.

Date: 2021-07-30 16:30:25
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2021-07-30 16:30:14
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2021-07-30 16:30:06
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2021-07-30 16:29:21
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

CodeIntegrity:
===============
Date: 2021-11-13 13:10:13
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2021-11-12 19:21:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.22 04/21/2020
Motherboard: HP 8478
Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
Percentage of memory in use: 51%
Total physical RAM: 8081.24 MB
Available physical RAM: 3889.37 MB
Total Virtual: 15249.24 MB
Available Virtual: 8595.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.18 GB) (Free:260.08 GB) NTFS

\\?\Volume{7b6be26b-985d-4367-9137-31965c5e1790}\ () (Fixed) (Total:0.48 GB) (Free:0.05 GB) NTFS
\\?\Volume{8065b2ef-a43f-439f-9f72-9050e42e73ca}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 19AB7DAC)

Partition: GPT.

==================== End of Addition.txt =======================

qwert29
Visitor
Posts: 10
Registered: 11 Dec 2021 09:57

Re: CPU at 100%

#3 Post by qwert29 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2021
Ran by Uživatel (administrator) on LAPTOP-QFNVLENH (HP HP Pavilion Gaming Laptop 15-cx0xxx) (11-12-2021 09:55:11)
Running from C:\Users\Uživatel\Desktop\FRST
Loaded Profiles: Uživatel
Platform: Microsoft Windows 10 Home Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\System32\Microsoft\Telemetry\sihost32.exe
() [File not signed] C:\Windows\Temp\sppsvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\Uživatel\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Temp\scoped_dir7484_1696910555\old_chrome.exe <5>
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.11.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b261b2ab559fdee8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b261b2ab559fdee8\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.exe
(McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microleaves LTD -> Advanced Windows Manager) C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe <6>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.58.25004.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.58.25004.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msdt.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(MM Apps, Inc. -> Clever Batada) C:\Program Files (x86)\GnomebeatMafika\GnomebeatMafika.exe
(Node.js Foundation -> Node.js) C:\Users\Uživatel\AppData\Roaming\java\jre8\bin\java.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-12-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [525312 2021-08-03] (HP Inc.) [File not signed]
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33541600 2021-12-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-11-22] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [Discord] => C:\Users\Uživatel\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [ut] => "C:\Users\Uživatel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (No File)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [Windows Updates Service] => C:\Users\Uživatel\AppData\Roaming\Windows Updates Files\Windows Updates Service.vbe [1000 2021-09-09] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [Opera Browser Assistant] => C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [WinHost] => C:\Users\Uživatel\AppData\Roaming\WinHost\WinHoster.exe (No File) <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [_PFTI2HHUHBH] => C:\Program Files (x86)\No4_\7nq4b6v0lr9l.exe [167424 2021-10-30] () [File not signed] [File is in use]
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [comdlg32] => wscript.exe "C:\ProgramData\WinNT\comdlg32.js" (No File)
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\RunOnce: [mesophytes] => C:\Windows\Cursors\cutthroats\svchost.exe [498296 2021-11-05] (Murray Hurps Software Pty Ltd) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Uživatel\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.93\Installer\chrmstp.exe [2021-12-11] (Google LLC -> Google LLC)
Startup: C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelRapid.lnk [2021-10-30] <==== ATTENTION
ShortcutTarget: IntelRapid.lnk -> C:\Users\Uživatel\AppData\Roaming\Intel Rapid\IntelRapid.exe (No File)
Startup: C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mesophytes.exe [2021-11-05] (Murray Hurps Software Pty Ltd) [File not signed]
Startup: C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2021-07-08]
ShortcutTarget: Twitch.lnk -> C:\Users\Uživatel\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A2805C4-29EC-4E4E-96FE-01D5A235D778} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1117BAF4-CB78-40D8-8D41-D0241CF7AA69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {1C271BA5-1D21-49BF-A0A9-3E3104BBE3E5} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {1E1F2E25-B90E-48AC-8F52-039237751D95} - System32\Tasks\AV GORelease => s:\\nougacoush.com\link?z=4569148.exe (No File)
Task: {22EDFD64-EF7F-4D4C-8705-87DAE95B4CA2} - System32\Tasks\CorelUpdateHelperTask-18B2245F94312F92EB2D6E83163E478A => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {3595DA02-C6A4-4B2D-9E39-F819B7EF484F} - System32\Tasks\Firefox Default Browser Agent 6F06CB8F0BAEB177 => C:\Users\Uživatel\AppData\Roaming\uadijav [349184 2021-07-10] () [File not signed] [File is in use] <==== ATTENTION
Task: {36A9D30D-0C0B-4E88-9C2D-4C40C4D20654} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {410A3F00-4B75-49E0-A459-164785BE0249} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-19] (Microsoft Windows -> Microsoft Corporation)
Task: {4405FDA9-EB39-44C4-8144-92B3DF047AE9} - System32\Tasks\RtHDVBg_Session => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4A75F08A-8477-45F7-99C6-FFAD8607CEF6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4B9AAC8F-6262-4D1D-B28A-7CE6D4276B87} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D770828-1B2B-44CA-B2D1-E746C6145235} - System32\Tasks\PowerControl HR => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe]
Task: {52328F8C-5E71-43A4-9D11-B64B604B40F7} - System32\Tasks\WbwLdFBvPzv => C:\WINDOWS\system32\rundll32.exe "C:\Program Files (x86)\WbwLdFBvPzv\WbwLdFBvPzv.dll",WbwLdFBvPzv <==== ATTENTION
Task: {6BF7CFC3-BE14-489F-932A-C7EC2ABFE9C3} - System32\Tasks\Opera scheduled assistant Autoupdate 1625742339 => C:\Users\Uživatel\AppData\Local\Programs\Opera\launcher.exe [2338000 2021-12-02] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Uživatel\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {76F1771D-316C-4D1D-A360-E0126AE92162} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82ACF3D7-8421-4D85-8837-5257BAD2E945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {8B576FC2-332E-4374-B314-071EC3BB3728} - System32\Tasks\Microsoft\Windows\.NET Framework\CNBP_Resources => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister "C:\Program Files (x86)\HolderTract\SfzfessionFold\imjvdsofv_v101.dll"
Task: {8C144F82-7D5F-4DC5-A164-5BA9E22F84A0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702504 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {945796E1-41F1-4F08-A17E-EAEA21DC2EE5} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe [1010800 2021-05-07] (Microleaves LTD -> AW Manager) <==== ATTENTION
Task: {9E76880E-79DC-407A-88CD-320F67FCCE0A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-05-19] (Microsoft Windows -> Microsoft Corporation)
Task: {9F30F0C6-883D-4FC5-9C92-618548A246B6} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AA662190-98D7-4E3E-BC8D-22D1A88B7A23} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572456 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B268E1A8-FD75-481D-AB9A-A1EEFE2BB1DB} - System32\Tasks\Opera scheduled Autoupdate 1625742336 => C:\Users\Uživatel\AppData\Local\Programs\Opera\launcher.exe [2338000 2021-12-02] (Opera Software AS -> Opera Software)
Task: {B4B6B2B7-4576-4A6D-A4A6-9FF90A57F0C4} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {B5759627-155E-46F1-871C-9FDF8ED8052C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8E9E475-2BE1-4474-984C-53C67A32CF36} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139656 2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCDE1888-BF5D-455E-B0C1-CFD00D2A89C9} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877096 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BD9DDEC9-53ED-4E0F-BE89-DA66FADD24BF} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BDFD50DC-F58C-486A-BFE1-A579CA0DD8CC} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {BEB9B71E-924A-4271-97CF-561494DDFD6C} - System32\Tasks\Intel Rapid => C:\Users\Uživatel\AppData\Roaming\Intel Rapid\IntelRapid.exe (No File)
Task: {C126E6C5-766A-4A43-B2A3-74EC1697112A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C2459623-CEA0-406E-BA3C-BFFA87E73C00} - System32\Tasks\services32 => C:\WINDOWS\system32\services32.exe [1996288 2021-12-05] (Google Inc.) [File not signed]
Task: {CE963D29-0684-40DC-838F-9F9681C1A7A3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139656 2021-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0993886-062C-4BF9-A3AA-A2392517F212} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E455B8E4-1A78-4A63-BF67-2F4925238B7F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0F0C936-46ED-45D4-8718-7EA059711315} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {F13250C2-FE22-455B-88B3-A156E3A4AE34} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AW Manager\Windows Manager\AdvancedWindowsManager.exe [482624 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {F9C11BAF-7B49-415C-A4D7-5C77EF03D6BE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [840744 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD9D1365-2589-4C81-A2EF-67D11D3D2D11} - System32\Tasks\PowerControl LG => C:\Program [Argument = Files (x86)\PowerControl\PowerControl_Svc.exe]
Task: {FDA69E34-0951-425F-AD21-403F621DEA23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-03] (HP Inc. -> HP Inc.)
Task: {FE54BDC9-5B6A-40F1-AAE4-537135250A5E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790568 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {FEFAC983-4730-4B73-90CF-8AF2FFCA97FC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724328 2019-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FFD8EAC6-5F6F-4B32-AB80-A09DAC1BAFFE} - System32\Tasks\RtHDVBg_HP_VOICEMODE_FOR_SKYPE => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 82.144.128.1 82.144.129.1 8.8.8.8
Tcpip\..\Interfaces\{24d9f344-00e2-4594-b9dc-7cdc0c54add4}: [DhcpNameServer] 82.144.128.1 82.144.129.1 8.8.8.8

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Uživatel\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.192.2 -> C:\Program Files (x86)\Java\jre1.8.0_192\bin\dtplugin\npDeployJava1.dll [2021-07-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.192.2 -> C:\Program Files (x86)\Java\jre1.8.0_192\bin\plugin2\npjp2.dll [2021-07-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default [2021-12-11]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.ctcodeinfo.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Custom
CHR Extension: (Prezentace) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-31]
CHR Extension: (Dokumenty) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-31]
CHR Extension: (Disk Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-31]
CHR Extension: (YouTube) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-31]
CHR Extension: (Tabulky) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-31]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-12-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-11]
CHR Extension: (Custom) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemlmgggokggmncimchkllhcjcaimcle [2021-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-31]
CHR Extension: (Gmail) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-31]
CHR Extension: (wFastDoc) - C:\ProgramData\Sngiv\Tczqael [2021-10-31]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Profile: C:\Users\Uživatel\AppData\Roaming\Opera Software\Opera Stable [2021-12-11]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.mrfdev.com/enhancer-for-youtube
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Uživatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-03]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Uživatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-15]
OPR Extension: (Sidebar Sticky Note) - C:\Users\Uživatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\mjbgbjihabjdmlehnnkhleepaafaecao [2021-07-08]
OPR Extension: (Enhancer for YouTube) - C:\Users\Uživatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2021-08-16]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"GnomebeatMafika" => service was unlocked. <==== ATTENTION

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129160 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2021-12-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-24] (Epic Games Inc. -> Epic Games, Inc.)
R2 GnomebeatMafika; C:\Program Files (x86)\GnomebeatMafika\GnomebeatMafika.exe [30309904 2021-07-29] (MM Apps, Inc. -> Clever Batada)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\AppHelperCap.exe [744000 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\DiagsCap.exe [742480 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\NetworkCap.exe [742488 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_4ae87038c758c4f5\x64\SysInfoCap.exe [743512 2021-08-27] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_35df954651b1f88f\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-12-11] (McAfee, LLC -> McAfee, LLC)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStorU; C:\WINDOWS\system32\drivers\AmPeStorU.sys [128448 2019-01-24] (Alcorlink Corp. -> Generic)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [138584 2021-06-17] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64880 2020-04-24] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath
S0 {DB437C57-08A3-47e9-ACFF-111254F830DF}; system32\drivers\1GMlHw48Ep.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-11 09:55 - 2021-12-11 09:55 - 000000000 ____D C:\FRST
2021-12-11 09:53 - 2021-12-11 09:55 - 000000000 ____D C:\Users\Uživatel\Desktop\FRST
2021-12-11 09:52 - 2021-12-11 09:52 - 002311168 _____ (Farbar) C:\Users\Uživatel\Downloads\FRST64 (1).exe
2021-12-11 09:10 - 2021-12-11 09:11 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3467691670-3120493318-3463764219-1001
2021-12-04 22:15 - 2021-12-04 22:15 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\jPesMLvpnM
2021-12-03 23:36 - 2021-12-03 23:36 - 000000000 ____D C:\Users\Uživatel\AppData\Local\DeadByDaylight
2021-12-03 23:35 - 2021-12-03 23:35 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\EasyAntiCheat
2021-12-03 23:35 - 2021-12-03 23:35 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-12-03 22:25 - 2021-12-03 22:25 - 000000357 _____ C:\Users\Uživatel\Desktop\Dead by Daylight.url
2021-12-03 18:32 - 2021-12-03 19:04 - 350281779 _____ C:\Users\Uživatel\Downloads\Ulice-4169.mp4
2021-11-27 00:28 - 2021-11-27 20:43 - 000007666 _____ C:\Users\Uživatel\AppData\Local\Resmon.ResmonCfg
2021-11-21 23:37 - 2021-12-05 10:42 - 001996288 _____ (Google Inc.) C:\WINDOWS\system32\services32.exe
2021-11-21 23:37 - 2021-11-21 23:37 - 000003312 _____ C:\WINDOWS\system32\Tasks\services32
2021-11-20 12:05 - 2021-11-20 12:05 - 000000000 ___HD C:\$WinREAgent
2021-11-13 22:59 - 2021-11-13 22:59 - 000000000 ____D C:\Users\Uživatel\AppData\LocalLow\Playdead
2021-11-13 22:58 - 2021-11-13 22:58 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Playdead
2021-11-13 21:44 - 2021-11-13 21:44 - 000000310 _____ C:\ProgramData\remover.bat

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-11 09:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-11 09:45 - 2021-07-31 21:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-11 09:44 - 2021-07-10 10:01 - 000004218 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D49BFA1C-E6BC-4191-99B5-E315E481994F}
2021-12-11 09:44 - 2021-07-09 18:35 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\discord
2021-12-11 09:32 - 2021-07-08 12:39 - 000000000 ____D C:\Users\Uživatel\AppData\Local\D3DSCache
2021-12-11 09:24 - 2019-05-06 03:17 - 000000000 ____D C:\Program Files\Microsoft Office
2021-12-11 09:23 - 2021-10-30 18:50 - 000003752 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 6F06CB8F0BAEB177
2021-12-11 09:14 - 2021-07-10 10:01 - 000004234 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1625742336
2021-12-11 09:14 - 2021-07-08 12:05 - 000001489 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-12-11 09:13 - 2021-10-31 10:31 - 000000000 ___HD C:\ProgramData\Sngiv
2021-12-11 09:13 - 2021-07-31 21:48 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-11 09:13 - 2019-03-18 20:06 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-11 09:11 - 2021-07-10 10:12 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-11 09:11 - 2021-07-10 10:12 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7756a801bc14
2021-12-11 09:11 - 2021-07-10 10:01 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3467691670-3120493318-3463764219-1001
2021-12-11 09:11 - 2021-07-10 09:57 - 000002397 _____ C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-11 09:11 - 2021-07-09 18:35 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Discord
2021-12-11 09:11 - 2019-05-12 18:50 - 000000000 ___RD C:\Users\Uživatel\OneDrive
2021-12-11 09:10 - 2019-05-12 18:48 - 000000000 __SHD C:\Users\Uživatel\IntelGraphicsProfiles
2021-12-05 15:08 - 2021-07-10 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-04 22:15 - 2019-03-19 04:53 - 000000000 ___HD C:\$SysReset
2021-12-04 18:50 - 2021-07-10 09:53 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-04 18:50 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-04 18:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-04 12:26 - 2021-07-10 09:57 - 001782224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-04 12:26 - 2019-12-07 15:41 - 000748376 _____ C:\WINDOWS\system32\perfh005.dat
2021-12-04 12:26 - 2019-12-07 15:41 - 000160914 _____ C:\WINDOWS\system32\perfc005.dat
2021-12-04 12:26 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-04 12:18 - 2021-07-31 22:50 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-12-04 12:18 - 2021-07-10 10:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-04 12:18 - 2021-07-10 09:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-04 12:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-04 12:17 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-12-04 09:01 - 2021-08-05 13:04 - 000000000 ____D C:\Users\Uživatel\AppData\Local\CrashDumps
2021-12-03 23:35 - 2020-04-06 02:45 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-03 20:19 - 2021-07-08 14:38 - 000000000 ____D C:\Program Files (x86)\Steam
2021-12-03 20:15 - 2021-07-09 12:48 - 000000000 ____D C:\Program Files\Epic Games
2021-12-03 18:02 - 2021-10-30 20:04 - 000000000 ___HD C:\ProgramData\DNTException
2021-11-28 15:11 - 2021-07-08 12:28 - 000000000 ____D C:\Users\Uživatel\Desktop\Obrázky
2021-11-27 23:15 - 2021-07-09 22:17 - 000000000 ____D C:\Users\Uživatel\Desktop\Filmy
2021-11-27 20:41 - 2021-07-10 00:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-27 20:38 - 2021-07-10 00:25 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-26 21:32 - 2021-07-10 09:57 - 000000000 ____D C:\Users\Uživatel
2021-11-13 22:05 - 2021-09-11 20:15 - 000000000 ____D C:\Users\Uživatel\Documents\KoeiTecmo
2021-11-13 22:03 - 2021-10-28 14:56 - 000000000 ____D C:\GOG Games
2021-11-13 22:02 - 2021-07-08 12:16 - 000000000 ____D C:\Users\Uživatel\Desktop\Soubory
2021-11-13 21:59 - 2019-05-12 18:48 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Packages
2021-11-13 21:47 - 2021-07-10 10:40 - 000000000 ____D C:\Users\Uživatel\Documents\Assassin's Creed III
2021-11-13 21:47 - 2020-04-06 02:56 - 000000000 ____D C:\ProgramData\McAfee
2021-11-13 21:47 - 2020-04-06 02:56 - 000000000 ____D C:\Program Files\McAfee
2021-11-13 21:45 - 2021-07-10 10:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-13 21:45 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-13 21:45 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-11-13 21:44 - 2021-08-09 21:05 - 000000000 ____D C:\Users\UGLCache
2021-11-13 21:44 - 2021-08-09 21:05 - 000000000 ____D C:\Users\U
2021-11-13 21:42 - 2021-09-09 08:19 - 000000000 ____D C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2021-11-13 21:42 - 2021-09-09 07:57 - 000000000 ____D C:\Games
2021-11-13 21:42 - 2021-07-08 20:45 - 000000000 ____D C:\Users\Uživatel\Documents\My Games
2021-11-13 19:46 - 2021-07-08 12:34 - 000000000 ____D C:\Users\Uživatel\AppData\Local\Ubisoft Game Launcher

==================== Files in the root of some directories ========

2021-11-13 21:44 - 2021-11-13 21:44 - 000000310 _____ () C:\ProgramData\remover.bat
2021-10-30 19:11 - 2021-10-30 19:11 - 000000000 _____ () C:\Program Files (x86)\temp_files
2021-08-05 16:45 - 2021-08-05 16:45 - 000000238 _____ () C:\Users\Uživatel\AppData\Roaming\del.bat
2021-07-10 10:45 - 2021-07-10 10:45 - 000349184 ___SH () C:\Users\Uživatel\AppData\Roaming\uadijav
2021-10-30 18:50 - 2021-10-30 18:50 - 000000128 _____ () C:\Users\Uživatel\AppData\Local\PUTTY.RND
2021-11-27 00:28 - 2021-11-27 20:43 - 000007666 _____ () C:\Users\Uživatel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
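
A triage pass over `Task:` lines like those in the log above, as an added example that is not part of the original post and is not FRST's own code. It tags the markers visible in the log (`<==== ATTENTION`, `(No File)`, `[File not signed]`) plus two heuristics that are assumptions of this example: targets under AppData/ProgramData, and tasks that launch a DLL or script host binary. The sample lines are constructed and every name in them is a placeholder.

```python
import re
from dataclasses import dataclass, field

# Layout of an FRST scheduled-task line, inferred from the log above:
#   Task: {GUID} - <task path> => <action> [size date] (signer -> company) [notes] <==== ATTENTION
TASK_RE = re.compile(
    r'^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<action>.+)$'
)
# First executable named in the action (the path may contain spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)\b', re.IGNORECASE)

# Assumption of this example: Windows host binaries that run other code
# (a DLL, a script, an assembly), so the real payload sits in the arguments.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "regasm.exe",
                 "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption of this example: directories a standard user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")

# Constructed sample input (placeholder names, same layout as the real log).
SAMPLE_LOG = r"""
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [156968 2021-07-31] (Example Corp -> Example Corp.)
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\Example Browser Agent => C:\Users\User\AppData\Roaming\examplebin [349184 2021-07-10] () [File not signed] [File is in use] <==== ATTENTION
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\ExampleDll => C:\WINDOWS\system32\rundll32.exe "C:\Program Files (x86)\ExampleDll\ExampleDll.dll",ExampleDll <==== ATTENTION
Task: {44444444-4444-4444-4444-444444444444} - System32\Tasks\Example Leftover => C:\Users\User\AppData\Roaming\Example\gone.exe (No File)
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2021-01-01] (Example Corp -> Example Corp.)
"""


@dataclass
class TaskEntry:
    guid: str
    task: str
    action: str
    flags: list = field(default_factory=list)


def parse_task_line(line):
    """Return a TaskEntry for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    entry = TaskEntry(m["guid"], m["task"], m["action"])
    action = entry.action
    lowered = action.lower()

    # Markers that FRST itself prints.
    if "<==== ATTENTION" in action:
        entry.flags.append("frst-attention")
    if "(No File)" in action:
        entry.flags.append("target-missing")      # orphaned task, target is gone
    if "[File not signed]" in action:
        entry.flags.append("unsigned")

    # Heuristics added by this example.
    if any(part in lowered for part in USER_WRITABLE):
        entry.flags.append("user-writable-path")
    exe = EXE_RE.match(action)
    if exe and exe["exe"].rsplit("\\", 1)[-1].lower() in HOST_BINARIES:
        entry.flags.append("host-binary")         # review the arguments, not the exe
    return entry


def triage(log_text):
    """Parse every Task: line and return the flagged ones, most flags first."""
    entries = (parse_task_line(line) for line in log_text.splitlines())
    flagged = [e for e in entries if e is not None and e.flags]
    return sorted(flagged, key=lambda e: -len(e.flags))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{len(e.flags)} {e.task}: {', '.join(e.flags)}")
```

A flag here only ranks an entry for manual review; a signed file in Program Files can still be unwanted software, as the signed `<==== ATTENTION` entries in the log show.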

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#4 Post by qwert29 »

I have also just noticed that after a restart an application from the Windows temp folder, g2EEB.TMP, runs for a moment. But I can't find anywhere what it is for.

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU at 100%

#5 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#6 Post by qwert29 »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-11-2021
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Uživatel\AppData\Roaming\Smart Clock
Deleted C:\Users\Uživatel\AppData\Roaming\WinHost

***** [ Files ] *****

Deleted C:\END
Deleted C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IntelRapid.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Etsy
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WinHost
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinHost
Deleted HKLM\Software\LighteningPlayer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4445 octets] - [11/12/2021 20:42:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU at 100%

#7 Post by Rudy »

Post new FRST + Addition logs.

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#8 Post by qwert29 »

I have made a little progress and already fixed a few things. The only thing that still bothers me now is that exclusions are being created automatically in Defender, namely charmap.exe, notepad.exe, rundll32.exe and the path d:/. These entries write themselves (without a restart, while working on the PC) into the registry at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes
So I think there is still some virus or trojan in there. I am attaching the logs.
Attachments
FRST.rar
(18.63 KiB) Downloaded 50 times

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU at 100%

#9 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [comdlg32] => wscript.exe "C:\ProgramData\WinNT\comdlg32.js" (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1117BAF4-CB78-40D8-8D41-D0241CF7AA69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {82ACF3D7-8421-4D85-8837-5257BAD2E945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {BEB9B71E-924A-4271-97CF-561494DDFD6C} - System32\Tasks\Intel Rapid => C:\Users\Uživatel\AppData\Roaming\Intel Rapid\IntelRapid.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U3 aspnet_state; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\remover.bat

EmptyTemp:
End
Save it in C:\Users\Uživatel\Desktop\FRST as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#10 Post by qwert29 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by Uživatel (14-12-2021 16:13:37) Run:1
Running from C:\Users\Uživatel\Desktop\FRST
Loaded Profiles: Uživatel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\...\Run: [comdlg32] => wscript.exe "C:\ProgramData\WinNT\comdlg32.js" (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1117BAF4-CB78-40D8-8D41-D0241CF7AA69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {82ACF3D7-8421-4D85-8837-5257BAD2E945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2021-07-31] (Google Inc -> Google Inc.)
Task: {BEB9B71E-924A-4271-97CF-561494DDFD6C} - System32\Tasks\Intel Rapid => C:\Users\Uživatel\AppData\Roaming\Intel Rapid\IntelRapid.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U3 aspnet_state; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\remover.bat

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKU\S-1-5-21-3467691670-3120493318-3463764219-1001\Software\Microsoft\Windows\CurrentVersion\Run\\comdlg32" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1117BAF4-CB78-40D8-8D41-D0241CF7AA69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1117BAF4-CB78-40D8-8D41-D0241CF7AA69}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82ACF3D7-8421-4D85-8837-5257BAD2E945}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82ACF3D7-8421-4D85-8837-5257BAD2E945}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEB9B71E-924A-4271-97CF-561494DDFD6C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB9B71E-924A-4271-97CF-561494DDFD6C}" => removed successfully
C:\WINDOWS\System32\Tasks\Intel Rapid => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel Rapid" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
aspnet_state => service removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\ProgramData\remover.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10584200 B
Java, Flash, Steam htmlcache => 493596809 B
Windows/system/drivers => 16273358 B
Edge => 380076 B
Chrome => 44791769 B
Firefox => 0 B
Opera => 317791727 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 30904 B
Uživatel => 44008953 B

RecycleBin => 80678 B
EmptyTemp: => 885.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-12-2021 16:14:39)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected

==== End of Fixlog 16:14:39 ====

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#11 Post by qwert29 »

After the fix, all subfolders disappeared from the key Počítač\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\ and the exclusions in Defender were empty, but within about 2 minutes a Processes subfolder was created there, and in it the first process, rundll32.exe, which is now in the exclusions :roll:

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU at 100%

#12 Post by Rudy »

OK. Also scan the PC with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, let it run, and when it finishes delete everything it finds.

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#13 Post by qwert29 »

Thank you, I'll go do it.
I also monitored writes to the registry and managed to catch rundll32.exe writing an exclusion for itself into the registry (see the image). So far I only know that it is the process with PID 1084, but I can't find out what launches it. As far as I know, rundll32 is used to run code from DLL files without needing a dedicated executable, and the Command Line should contain something like "C:\Windows\SysWOW64\rundll32.exe" C:\MyFolder\MyDLLName.dll,MyFunctionName. From that it would be possible to tell who launches it and for what purpose. But whatever tool I use, there is only C:\Windows\SysWOW64\rundll32.exe with no further command.
Attachments
ProcessMonitor.png (150.22 KiB)
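
The check described in post #13, as an added PowerShell example that is not part of the original thread: it lists the Defender exclusions stored under the policy key named in post #11 and shows each running rundll32.exe with its command line and parent process. It assumes an elevated prompt; the output property names are chosen here for illustration.

```powershell
# Added triage example (not from the thread). Run elevated, otherwise
# CommandLine can come back empty for processes owned by other accounts.

# 1) Defender exclusions set through the policy key named in the thread.
$exclRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
$exclusions = @()
if (Test-Path $exclRoot) {
    $exclusions = @(foreach ($sub in Get-ChildItem -Path $exclRoot) {
        foreach ($name in $sub.GetValueNames() | Where-Object { $_ }) {
            [pscustomobject]@{
                Type  = $sub.PSChildName   # subkey name, e.g. Processes
                Entry = $name              # the excluded path or process
            }
        }
    })
}
$exclusions | Format-Table -AutoSize
$rundllExcluded = [bool]($exclusions | Where-Object {
    $_.Type -eq 'Processes' -and $_.Entry -match 'rundll32\.exe$' })

# 2) Index all processes by PID so parents can be resolved.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -eq 'rundll32.exe' } | ForEach-Object {
    $parent = $byPid[[int]$_.ParentProcessId]
    # PIDs are reused after a process exits: a "parent" that started later
    # than the child cannot be the process that launched it.
    if ($parent -and $parent.CreationDate -gt $_.CreationDate) { $parent = $null }

    # Whatever remains after the image path is the "DLL,EntryPoint" part.
    $dllArgs = ''
    if ($_.CommandLine) {
        $dllArgs = ($_.CommandLine -replace '^\s*("[^"]+"|\S+)\s*', '').Trim()
    }
    [pscustomobject]@{
        ProcessId      = $_.ProcessId
        Started        = $_.CreationDate
        CommandLine    = $_.CommandLine
        NoDllArgument  = [string]::IsNullOrEmpty($dllArgs)
        ExcludedByName = $rundllExcluded
        ParentPid      = $_.ParentProcessId
        ParentName     = if ($parent) { $parent.Name } else { '<exited>' }
        ParentCmd      = if ($parent) { $parent.CommandLine } else { $null }
    }
} | Format-List
```

A row with `NoDllArgument` set to True and `ParentName` shown as `<exited>` matches what the post describes: the launcher is no longer running, so the parent has to be recovered from process-creation logging rather than from a live process list.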

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU at 100%

#14 Post by Rudy »

By all means. Our aim is to get rid of it, and AVPTool is a tool that should delete it (if there is such malware on the PC). After that it is entirely pointless to know what launches it and whether it is malware at all.

qwert29
Visitor
Posts: 10
Joined: 11 Dec 2021 09:57

Re: CPU at 100%

#15 Post by qwert29 »

Thank you for the help. Kaspersky Virus Removal Tool found 3 viruses and removed them. Everything is fine now. And yet I personally have a paid ESET and I trust it. On this notebook I used the ESET online scanner several times, as well as a bootable USB flash drive with ESET SysRescue. But it found nothing.

Thanks once again for the advice, and happy holidays.

You can lock this topic.
Attachments
kaspersky.png (53.4 KiB)

Locked