
Totally frozen PC

ramoniko
Visitor
Posts: 7
Registered: 04 Jan 2023 19:32

Totally frozen PC

#1 Post by ramoniko »

Please check this.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-12-2022
Ran by Honza (administrator) on LAPTOP-21KUHUFR (HP HP Laptop 15-db0xxx) (04-01-2023 19:46:54)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza
Platform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{F38EEE2E-9760-4989-BF5F-C973A1C8C7A0}\AvastBrowserUpdateSetup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Windows\Temp\AvastBrowserInstaller.exe1d46438e
(C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{F38EEE2E-9760-4989-BF5F-C973A1C8C7A0}\AvastBrowserUpdateSetup.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\GUM55FC.tmp\AvastBrowserUpdate.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_160c179c\instup.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\sbr.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe <2>
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.15028.20160\OfficeClickToRun.exe
(C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe ->) (Google LLC -> Google) C:\Users\Honza\AppData\Local\Google\Chrome\User Data\SwReporter\96.276.200\software_reporter_tool.exe <4>
(C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Users\Honza\AppData\Local\Google\Update\Install\{244491C0-6FED-4895-A597-35FB5A92B19A}\108.0.5359.125_chrome_installer.exe
(C:\Users\Honza\AppData\Local\Google\Update\Install\{244491C0-6FED-4895-A597-35FB5A92B19A}\108.0.5359.125_chrome_installer.exe ->) (Google LLC -> Google LLC) C:\Users\Honza\AppData\Local\Google\Update\Install\{244491C0-6FED-4895-A597-35FB5A92B19A}\CR_B892F.tmp\setup.exe <2>
(C:\Windows\Temp\AvastBrowserInstaller.exe1d46438e ->) (Avast Software s.r.o. -> AVAST Software) C:\Windows\Temp\setup.exe1d4643cc <2>
(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wusa.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe <24>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\lync.exe
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\Honza\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(RuntimeBroker.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0365900.inf_amd64_9711e6a716b3374b\B365971\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <9>
(svchost.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(svchost.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(svchost.exe ->) (Google Inc -> Google LLC) C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe <3>
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe <2>
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WaaSMedicAgent.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(WaaSMedicAgent.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
Failed to access process -> OfficeC2RClient.exe
Failed to access process -> OfficeC2RClient.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-03-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [157464 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102824 2021-03-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Google Update] => C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2023-01-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26599728 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Honza\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Opera Browser Assistant] => C:\Users\Honza\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\Installer\chrmstp.exe [2022-01-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\87.0.7478.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0392F175-4EBE-4B3E-888F-642556842A63} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {13654F10-8199-4173-A4FC-656FBE13A0C9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {3F87CC9A-9188-4F1C-99B9-22FEB2AFB2B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4604DB15-967C-4B96-AB33-6960D5FBB0DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [119664 2017-09-27] (HP Inc. -> HP Inc.)
Task: {625301A4-57D7-4341-978E-42341F88A939} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {64A1B228-641B-4C15-AA2D-1E962E1C9EF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D19C32A-872C-40CD-AF92-3CDFFDB03844} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {72851F8B-81C8-41D9-A0E5-A260E63D4A60} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4969240 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
Task: {7A268199-4329-4C9C-BDF3-FC0B5329BBF9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {83903C80-4820-4A57-8B17-B0D5E783AF2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\HPAudioSwitch" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7ba07bbcbeb96" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-481291453-4015427652-3704319521-500" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {8B4DF70E-1830-4950-9D52-A16B27400739} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {8F0DA0B1-7E40-404A-A352-D14652A21678} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)
Task: {98DD1769-7053-4327-9B62-B24466750C73} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {A11D846F-721B-4CC9-9AE5-594A42AEBFBD} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {A6C6460A-7327-442C-ADCF-C9465F91A47E} - System32\Tasks\Opera scheduled Autoupdate 1555534286 => C:\Users\Honza\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {ADA37CB2-4D41-45E1-8468-6EA0B984F956} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC0ADCFC-8A09-4835-A0BF-E4A3F272814D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C838708C-7304-4C56-A793-F61ABC0212EF} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {C8AF950B-9A81-436C-9DE2-0BFA5E667874} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68176 2021-03-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C977022C-72F6-47FD-BF62-592535B10CA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {CF64E114-33F6-4B49-89E2-4F9E56B3A02B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60496 2021-03-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D1B3A2C1-BAC7-41F3-8920-6F0056FA6FDD} - System32\Tasks\Opera scheduled assistant Autoupdate 1557860659 => C:\Users\Honza\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Honza\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D1FDBA41-394C-416F-A5E6-8705112FC7AF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2023-01-04] (Avast Software s.r.o. -> Avast Software)
Task: {D423DA9D-5CA2-4DFC-9AE3-523F61CAF385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {DE7CC29A-E7E2-4220-83C5-DC45695A0A93} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1490800 2017-09-27] (HP Inc. -> HP Inc.)
Task: {FC6488C5-2C0D-4C98-B236-6C43683234DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [216432 2017-09-27] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Secure Browser Heartbeat Task (Hourly).job => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 192.168.1.1 10.100.1.254 8.8.8.8
Tcpip\..\Interfaces\{8e123c9b-a14d-4677-9b55-35744d1e6af3}: [DhcpNameServer] 192.168.88.1 192.168.1.1 10.100.1.254 8.8.8.8
Tcpip\..\Interfaces\{c8619953-4f4a-49c5-bd21-450210a31c58}: [DhcpNameServer] 185.163.181.194 185.163.180.102

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Honza\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-04]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default [2023-01-04]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://www.facebook.com
CHR Extension: (Prezentace) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-17]
CHR Extension: (Dokumenty) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-17]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-17]
CHR Extension: (Tabulky) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-06]

Opera:
=======
OPR Profile: C:\Users\Honza\AppData\Roaming\Opera Software\Opera Stable [2022-04-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Honza\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-10-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8480848 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [452888 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [452888 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\elevation_service.exe [1721904 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [223176 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369216 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [186280 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [540056 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [853800 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [545176 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215432 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2022-01-15] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-04 19:46 - 2023-01-04 19:56 - 000030686 _____ C:\Users\Honza\Desktop\FRST.txt
2023-01-04 19:43 - 2023-01-04 19:52 - 000000000 ____D C:\FRST
2023-01-04 19:40 - 2023-01-04 19:41 - 002376192 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2023-01-04 19:27 - 2023-01-04 19:27 - 009564160 _____ C:\Program Files (x86)\GUT55FD.tmp
2023-01-04 19:27 - 2023-01-04 19:27 - 000000000 ____D C:\Program Files (x86)\GUM55FC.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-04 19:50 - 2021-10-05 18:06 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-01-04 19:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-04 19:36 - 2021-10-05 18:06 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2023-01-04 19:36 - 2021-10-05 18:06 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2023-01-04 19:33 - 2020-09-27 08:53 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-04 19:32 - 2021-10-05 18:06 - 000003734 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA
2023-01-04 19:32 - 2021-10-05 18:06 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core
2023-01-04 19:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-04 19:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-04 19:26 - 2021-08-31 19:39 - 000000000 ____D C:\Program Files\ruxim

==================== Files in the root of some directories ========

2023-01-04 19:27 - 2023-01-04 19:27 - 009564160 _____ () C:\Program Files (x86)\GUT55FD.tmp
2020-10-22 18:59 - 2020-10-22 18:59 - 000001249 _____ () C:\Users\Honza\AppData\Local\PlariumPlay.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ramoniko
Visitor
Posts: 7
Joined: 04 Jan 2023 19:32

Re: Totally frozen PC

#3 Post by ramoniko »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-04-2023
# Duration: 00:01:59
# OS: Windows 10 (Build 19042.1415)
# Cleaned: 27
# Awaiting reboot:2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C838708C-7304-4C56-A793-F61ABC0212EF}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98DD1769-7053-4327-9B62-B24466750C73}
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Honza\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Honza\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Needs Reboot Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Needs Reboot Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Cleaning failed C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE

*************************

AdwCleaner[S00].txt - [4399 octets] - [04/01/2023 21:07:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118199
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#4 Post by Rudy »

OK. Post new FRST+Addition logs.

ramoniko
Visitor
Posts: 7
Joined: 04 Jan 2023 19:32

Re: Totally frozen PC

#5 Post by ramoniko »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-12-2022
Ran by Honza (administrator) on LAPTOP-21KUHUFR (HP HP Laptop 15-db0xxx) (04-01-2023 22:14:40)
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza
Platform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(DriverStore\FileRepository\c0365900.inf_amd64_9711e6a716b3374b\B365971\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0365900.inf_amd64_9711e6a716b3374b\B365971\atieclxx.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Honza\AppData\Local\Google\Chrome\Application\chrome.exe <8>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\lync.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(RuntimeBroker.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0365900.inf_amd64_9711e6a716b3374b\B365971\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(svchost.exe ->) (McAfee LLC.) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618096 2021-03-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [215960 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102824 2021-03-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Google Update] => C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2023-01-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [26362736 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Honza\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Run: [Opera Browser Assistant] => C:\Users\Honza\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\Installer\chrmstp.exe [2022-01-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\87.0.7478.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0392F175-4EBE-4B3E-888F-642556842A63} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {13654F10-8199-4173-A4FC-656FBE13A0C9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {396D7435-AB3C-4A34-A3FC-A05F7A464A47} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4604DB15-967C-4B96-AB33-6960D5FBB0DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [119664 2017-09-27] (HP Inc. -> HP Inc.)
Task: {54393A3E-CB23-4F4F-B2C5-D85AA9DF33D4} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [146816 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {60FBDCD0-B083-4749-8CEF-C82E9B5A7B5C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144344 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D19C32A-872C-40CD-AF92-3CDFFDB03844} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {7A268199-4329-4C9C-BDF3-FC0B5329BBF9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2502336 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {7F157D27-AA7D-4583-AD80-BAA0DA381EF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {83903C80-4820-4A57-8B17-B0D5E783AF2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\HPAudioSwitch" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d7ba07bbcbeb96" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-481291453-4015427652-3704319521-500" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {89F5037A-07D9-4921-9BBE-5CB3EA43BF09} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {8B4DF70E-1830-4950-9D52-A16B27400739} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA (No File)
Task: {8F0DA0B1-7E40-404A-A352-D14652A21678} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)
Task: {A11D846F-721B-4CC9-9AE5-594A42AEBFBD} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {A6C6460A-7327-442C-ADCF-C9465F91A47E} - System32\Tasks\Opera scheduled Autoupdate 1555534286 => C:\Users\Honza\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)
Task: {B9B4DABD-FCBD-4BD7-903A-1F7AF087FB25} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4954008 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {C7875A45-B454-4543-8723-BF76F6E076A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8509392 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8AF950B-9A81-436C-9DE2-0BFA5E667874} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68176 2021-03-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C977022C-72F6-47FD-BF62-592535B10CA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {CE8E5CE2-6B3D-4247-98AD-38AA08064EF4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF64E114-33F6-4B49-89E2-4F9E56B3A02B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60496 2021-03-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D1B3A2C1-BAC7-41F3-8920-6F0056FA6FDD} - System32\Tasks\Opera scheduled assistant Autoupdate 1557860659 => C:\Users\Honza\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Honza\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D1FDBA41-394C-416F-A5E6-8705112FC7AF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2023-01-04] (Avast Software s.r.o. -> Avast Software)
Task: {D423DA9D-5CA2-4DFC-9AE3-523F61CAF385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {DA2FE5C0-EFA6-4115-8A3F-0E0574C6B22A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE7CC29A-E7E2-4220-83C5-DC45695A0A93} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Secure Browser Heartbeat Task (Hourly).job => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 192.168.1.1 10.100.1.254 8.8.8.8
Tcpip\..\Interfaces\{8e123c9b-a14d-4677-9b55-35744d1e6af3}: [DhcpNameServer] 192.168.88.1 192.168.1.1 10.100.1.254 8.8.8.8
Tcpip\..\Interfaces\{c8619953-4f4a-49c5-bd21-450210a31c58}: [DhcpNameServer] 185.163.181.194 185.163.180.102

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Honza\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-04]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default [2023-01-04]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://www.facebook.com
CHR Extension: (Prezentace) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-17]
CHR Extension: (Dokumenty) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-17]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-17]
CHR Extension: (Tabulky) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-06]

Opera:
=======
OPR Profile: C:\Users\Honza\AppData\Roaming\Opera Software\Opera Stable [2023-01-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Honza\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-10-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8553880 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [597400 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [597400 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-01-04] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\96.1.13589.111\elevation_service.exe [1721904 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12540928 2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4132456 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695496 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-01-04] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-04 21:27 - 2023-01-04 21:27 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2023-01-04 21:06 - 2023-01-04 21:13 - 000000000 ____D C:\AdwCleaner
2023-01-04 21:05 - 2023-01-04 21:05 - 008791352 _____ (Malwarebytes) C:\Users\Honza\Desktop\adwcleaner.exe
2023-01-04 20:03 - 2023-01-04 19:57 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-01-04 19:59 - 2023-01-04 20:22 - 000049286 _____ C:\Users\Honza\Desktop\Addition.txt
2023-01-04 19:46 - 2023-01-04 22:17 - 000027281 _____ C:\Users\Honza\Desktop\FRST.txt
2023-01-04 19:43 - 2023-01-04 22:16 - 000000000 ____D C:\FRST
2023-01-04 19:40 - 2023-01-04 19:41 - 002376192 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-04 22:10 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-04 22:01 - 2019-04-17 22:07 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-04 21:52 - 2020-09-27 06:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-04 21:37 - 2021-10-05 17:44 - 001796812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-04 21:37 - 2019-12-07 15:41 - 000752106 _____ C:\WINDOWS\system32\perfh005.dat
2023-01-04 21:37 - 2019-12-07 15:41 - 000162644 _____ C:\WINDOWS\system32\perfc005.dat
2023-01-04 21:37 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-01-04 21:35 - 2021-12-04 14:26 - 000000000 ____D C:\Users\Honza\AppData\Local\AMD_Common
2023-01-04 21:31 - 2020-10-20 02:18 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-04 21:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-04 21:27 - 2019-04-17 22:32 - 000000000 ____D C:\ProgramData\AVAST Software
2023-01-04 21:24 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-04 21:24 - 2020-09-27 06:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-04 21:18 - 2021-10-05 17:12 - 000000000 ____D C:\Users\Honza
2023-01-04 21:18 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-01-04 21:17 - 2018-08-11 14:01 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2023-01-04 21:16 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-04 21:15 - 2018-06-02 00:59 - 000000000 ____D C:\ProgramData\HP
2023-01-04 21:15 - 2018-06-02 00:59 - 000000000 ____D C:\Program Files (x86)\HP
2023-01-04 21:15 - 2018-05-29 00:00 - 000000000 ___HD C:\hp
2023-01-04 21:14 - 2018-06-02 00:59 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-01-04 21:13 - 2019-04-17 21:39 - 000000000 ____D C:\Users\Honza\AppData\Roaming\Hewlett-Packard
2023-01-04 21:13 - 2019-04-17 21:29 - 000000000 ____D C:\Users\Honza\AppData\Local\Hewlett-Packard
2023-01-04 21:13 - 2018-06-02 00:59 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2023-01-04 20:56 - 2020-09-27 08:53 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-04 20:56 - 2020-09-27 08:53 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-04 20:11 - 2019-04-17 22:35 - 000391272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-01-04 20:09 - 2021-10-05 18:06 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-01-04 20:03 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-01-04 19:59 - 2019-04-17 22:35 - 000318456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-01-04 19:58 - 2020-10-21 14:21 - 000267888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-01-04 19:58 - 2020-04-20 14:30 - 000555560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000695496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000297832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000080376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-01-04 19:58 - 2019-04-17 22:35 - 000039648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-01-04 19:56 - 2019-04-17 22:35 - 000852000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-01-04 19:56 - 2019-04-17 22:35 - 000229208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-01-04 19:56 - 2019-04-17 22:35 - 000031424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-01-04 19:36 - 2021-10-05 18:06 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2023-01-04 19:36 - 2021-10-05 18:06 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2023-01-04 19:32 - 2021-10-05 18:06 - 000003734 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA
2023-01-04 19:32 - 2021-10-05 18:06 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core
2023-01-04 19:26 - 2021-08-31 19:39 - 000000000 ____D C:\Program Files\ruxim

==================== Files in the root of some directories ========

2020-10-22 18:59 - 2020-10-22 18:59 - 000001249 _____ () C:\Users\Honza\AppData\Local\PlariumPlay.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

ramoniko
Visitor
Posts: 7
Registered: 04 Jan 2023 19:32

Re: Totally frozen PC

#6 Post by ramoniko »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2022
Ran by Honza (04-01-2023 22:18:42)
Running from C:\Users\Honza\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) (2021-10-05 17:09:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-481291453-4015427652-3704319521-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-481291453-4015427652-3704319521-503 - Limited - Disabled)
Guest (S-1-5-21-481291453-4015427652-3704319521-501 - Limited - Disabled)
Honza (S-1-5-21-481291453-4015427652-3704319521-1001 - Administrator - Enabled) => C:\Users\Honza
WDAGUtilityAccount (S-1-5-21-481291453-4015427652-3704319521-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2021.0331.2321.42035 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
ApowerMirror V1.4.7.33 (HKLM-x32\...\{a9482532-9c34-478c-80c3-85bdccbb981f}_is1) (Version: 1.4.7.33 - APOWERSOFT LIMITED)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 96.1.13589.111 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.0.2.1813 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0811 - Disc Soft Ltd)
Google Chrome (HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{5C591A5B-EA74-44F7-81DD-A757B5935AAD}) (Version: 1.5.0.0 - HP Inc)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1511 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{4E100CB6-9312-48BC-9DC0-4F4D5C338449}) (Version: 12.8.37.11 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 108.0.1462.54 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.15831.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429 (HKLM\...\{B12F584A-DE7A-3EE3-8EC4-8A64DBC0F2A7}) (Version: 14.14.26429 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429 (HKLM\...\{03EBF679-E886-38AD-8E70-28658449F7F9}) (Version: 14.14.26429 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.14.26429 (HKLM-x32\...\{6F0267F3-7467-350D-A8C8-33B72E3658D8}) (Version: 14.14.26429 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.14.26429 (HKLM-x32\...\{7753EC39-3039-3629-98BE-447C5D869C09}) (Version: 14.14.26429 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15831.20184 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9132.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-481291453-4015427652-3704319521-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-03-26] (Amazon.com)
Booking.com: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comBigsavingsonhot_2.0.5.0_x64__mgae2k3ys4ra0 [2021-02-20] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.68.2.0_x86__kgqvnymyfvs32 [2021-11-06] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2150.1.0_x86__kgqvnymyfvs32 [2021-11-16] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_13.0.10.0_x86__m9bz608c1b9ra [2021-08-30] (Nordcurrent)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-22] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-08-11] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-04-22] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2021-11-09] (McAfee LLC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-05] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14527.20276.0_x86__8wekyb3d8bbwe [2021-11-16] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-04-17] (CYBERLINKCOM CORP)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-10-26] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-16] (Spotify AB) [Startup Task]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-26] (Synaptics Incorporated)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2021-02-20] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{1F9E0710-2073-435F-9C1B-F29946205947}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Honza\AppData\Local\Google\Chrome\Application\95.0.4638.69\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.152\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-04-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-04] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\Honza\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Loaded Modules (Whitelisted) =============

2021-01-05 15:45 - 2021-01-05 15:45 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2021-01-20 16:12 - 2021-01-20 16:12 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\e_sqlite3.dll
2021-03-31 22:09 - 2021-03-31 22:09 - 001640448 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2021-11-02 20:44 - 2021-11-02 20:45 - 016742912 _____ (McAfee LLC) [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
2020-04-20 14:30 - 2020-04-20 14:30 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-04-20 14:30 - 2020-04-20 14:30 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2021-01-05 15:45 - 2021-01-05 15:45 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2021-03-31 22:20 - 2021-03-31 22:20 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-481291453-4015427652-3704319521-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {DDA21928-D706-45D3-A24C-3BA6C70D1FA5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {DDA21928-D706-45D3-A24C-3BA6C70D1FA5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-481291453-4015427652-3704319521-1001 -> {DDA21928-D706-45D3-A24C-3BA6C70D1FA5} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-481291453-4015427652-3704319521-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Honza\Desktop\Obrázky\Inkeddubaj2_LI.jpg
DNS Servers: 192.168.88.1 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5F52E0FE-6812-4310-9B79-A4432051F75F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0FE71FA9-9948-44E5-B47A-1714CD2D766C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{00E659FB-BD45-4ADE-816C-F8C430846942}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{9E751581-3E86-4948-BEFF-8343BF568B44}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{8F134484-4E5A-4BF3-8A9D-CE22D2E68EE5}C:\users\honza\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\honza\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EF6480C6-959B-4802-876F-62A8DFE859F2}C:\users\honza\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\honza\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07EAFE78-6A3C-4AE3-9731-E0A69C8DF815}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{99081285-F744-45C9-87B1-0E3A89511BEC}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{969D1976-3C28-4487-B42F-0B319FA2422A}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\Zoom.exe => No File
FirewallRules: [{E2F4D788-24B5-44BD-9026-0FE813D82B73}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{1BD7076B-E97F-4F49-B291-05AEFBE29AAE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{B38EBE12-683F-4402-84EB-22C6DD66062C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5453FF7B-BCC7-402D-8227-748C062F66D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A78CC50A-3DDF-4842-AD6A-C7451AE620F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B95F8726-C2D2-4691-A9A2-285FF0EF5F08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{4249BD42-65C6-4507-92EE-3FE90B9EF43A}C:\users\honza\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\honza\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{62EED104-7E7F-43C6-B596-A3F72AB91C6F}C:\users\honza\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\honza\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{D10E091D-6A12-45B3-9660-EC1D9F2CFE79}C:\users\honza\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\honza\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{08586A34-B68B-4764-A448-694ED39DCB29}C:\users\honza\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\honza\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{14F2B05E-C0B5-4FBD-8619-8B267F3198C2}C:\users\honza\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\honza\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{77D22EE4-27D9-4AA2-805D-E7A69BEE025D}C:\users\honza\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\honza\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C93A2B8A-4157-4784-83A7-79AA8EBCA781}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{85471620-F426-4DC6-8623-EB9F3B608095}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{269FB3BE-49F7-4A8B-AA3D-7ED2240801C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A420DB3C-C7A1-4D99-AD83-300D6EE1B7FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{759D858D-4AC6-404A-BE9B-893D316268F8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{118904FD-34B0-4437-873D-B9D1A1C9489E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3D785D00-8553-4FA8-86F2-448B68A58C2C}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{0FEDFA27-7D6B-4585-A8EC-3EBF6CFB38CF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45D519CB-6A59-4D9E-8E27-C164FBD6244B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A53381FC-C26F-43B5-BF79-897974BF8893}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{38BE4FFE-8F6A-4B13-81EE-70216D830E39}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EC14E18-1DBB-4E84-87F0-77D4BF994C1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0ADB393D-303E-4F94-88F2-2C610166430D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B374C952-2445-46E4-855E-BCA7C2C59235}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14527.20276.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F6F3DF9-7170-4CB2-A8D3-7F4277798811}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEE3EC68-563E-47CD-ACE1-9077F387346F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BCB0A038-7732-4CFB-BF04-2750307B275C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{715C9B83-475E-4382-A228-5D56057DD7F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E8F2C6AC-C61F-4D4B-9CCD-41767A9125A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B904F23-0241-4A3D-B6B3-7C734D414385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7A3FD329-4370-48AB-8E7A-CE7BC000D93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AB57E990-79F5-4AD4-A62B-36D5968AA1B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C0F322E3-BA24-4F51-A6BA-0E2A8DB54744}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B9B66D8-D7DA-4131-B5A7-28558DAAA969}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2564B5FF-B29D-4D99-9274-4C70D2B1C41A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D501C074-9EAA-411D-97D2-91099000B4B1}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{094C1361-AAF4-44BC-9237-2B2E6CC6CF01}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

15-01-2022 23:11:19 Instalační služba modulů systému Windows
16-01-2022 16:42:39 Instalační služba modulů systému Windows
13-04-2022 18:01:11 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/04/2023 10:01:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: lync.exe, verze: 16.0.15028.20160, časové razítko: 0x6243d3e7
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1288, časové razítko: 0xa280d1d6
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000063416
ID chybujícího procesu: 0x22d4
Čas spuštění chybující aplikace: 0x01d9207b6cc4b233
Cesta k chybující aplikaci: C:\Program Files\Microsoft Office\root\Office16\lync.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: d47326ff-aeb4-46d6-b306-4363b88ce4e1
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/04/2023 09:26:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-21KUHUFR$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 04 Jan 2023 20:26:05 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7e1159f9-ae27-4b73-b7b3-aad571e675e1

Metoda: GET(1437ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/04/2023 09:13:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\Honza\Desktop\adwcleaner.exe ; Popis = AdwCleaner_BeforeCleaning_04/01/2023_21:07:58; Chyba = 0x80042319).

Error: (01/04/2023 09:13:09 PM) (Source: SPP) (EventID: 16387) (User: )
Description: V zapisovači MSSearch Service Writer došlo při vytváření snímku k chybě.

Další informace: .

Error: (01/04/2023 09:06:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-21KUHUFR)
Description: Aplikaci nebo službu Skype for Business nelze ukončit.

Error: (01/04/2023 09:06:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: lync.exe, verze: 16.0.14729.20260, časové razítko: 0x61de29fb
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1288, časové razítko: 0xa280d1d6
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000063416
ID chybujícího procesu: 0xa48
Čas spuštění chybující aplikace: 0x01d84e99721f5f56
Cesta k chybující aplikaci: C:\Program Files\Microsoft Office\root\Office16\lync.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 6c8a453e-bbb9-4c38-8dcc-7657c506a13f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/04/2023 07:44:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program CHXSmartScreen.exe verze 10.0.19041.423 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3130

Čas spuštění: 01d9206c6bfaddf4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

ID hlášení: 28a076cb-d08c-4cdc-be4d-9620a23a2c3b

Úplný název balíčku s chybou: Microsoft.Windows.Apprep.ChxApp_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (01/04/2023 07:32:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OfficeC2RClient.exe, verze: 16.0.14729.20254, časové razítko: 0x61dc00d9
Název chybujícího modulu: OfficeC2RClient.exe, verze: 16.0.14729.20254, časové razítko: 0x61dc00d9
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000472073
ID chybujícího procesu: 0x35a0
Čas spuštění chybující aplikace: 0x01d9206925a448ea
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
ID zprávy: e5a5cd6a-1d34-4ed7-ab18-3b34c566fe64
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (01/04/2023 09:45:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240017): 2022-04, kumulativní aktualizace pro .NET Framework 3.5 a 4.8 pro Windows 10 Version 20H2 pro x64 (KB5012117).

Error: (01/04/2023 09:35:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (01/04/2023 09:33:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba HP Support Solutions Framework Service přestala během spouštění reagovat.

Error: (01/04/2023 09:31:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (01/04/2023 09:28:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HP Comm Recovery neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/04/2023 09:17:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Update se po přijetí pokynu pro vypnutí neukončila správně.

Error: (01/04/2023 09:16:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Aktualizace zabezpečení systému Windows (KB5010342).

Error: (01/04/2023 09:13:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===============
Date: 2023-01-04 21:30:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-01-04 21:30:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2023-01-04 21:29:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde F.10 05/31/2018
Motherboard: HP 84AC
Processor: AMD A9-9425 RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 44%
Total physical RAM: 7643.74 MB
Available physical RAM: 4220.26 MB
Total Virtual: 10459.74 MB
Available Virtual: 5646.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.55 GB) (Free:785.55 GB) (Model: HGST HTS541010B7E610) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.72 GB) (Free:1.64 GB) (Model: HGST HTS541010B7E610) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7299c178-7b49-45f3-b121-f47a3f32556c}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{3d3fde3e-ede2-4af2-b8ec-0fce265ab051}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F34E8BF8)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File
FirewallRules: [{00E659FB-BD45-4ADE-816C-F8C430846942}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{9E751581-3E86-4948-BEFF-8343BF568B44}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [{07EAFE78-6A3C-4AE3-9731-E0A69C8DF815}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{99081285-F744-45C9-87B1-0E3A89511BEC}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{969D1976-3C28-4487-B42F-0B319FA2422A}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\Zoom.exe => No File
FirewallRules: [{759D858D-4AC6-404A-BE9B-893D316268F8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{118904FD-34B0-4437-873D-B9D1A1C9489E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C977022C-72F6-47FD-BF62-592535B10CA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {D423DA9D-5CA2-4DFC-9AE3-523F61CAF385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

ramoniko
Visitor
Posts: 7
Registered: 04 Jan 2023 19:32

Re: Totally frozen PC

#8 Post by ramoniko »

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-12-2022
Ran by Honza (05-01-2023 11:02:40) Run:1
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Honza\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File
FirewallRules: [{00E659FB-BD45-4ADE-816C-F8C430846942}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{9E751581-3E86-4948-BEFF-8343BF568B44}] => (Allow) C:\Users\Honza\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe => No File
FirewallRules: [{07EAFE78-6A3C-4AE3-9731-E0A69C8DF815}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{99081285-F744-45C9-87B1-0E3A89511BEC}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\airhost.exe => No File
FirewallRules: [{969D1976-3C28-4487-B42F-0B319FA2422A}] => (Allow) C:\Users\Honza\AppData\Roaming\Zoom\bin_00\Zoom.exe => No File
FirewallRules: [{759D858D-4AC6-404A-BE9B-893D316268F8}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{118904FD-34B0-4437-873D-B9D1A1C9489E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C977022C-72F6-47FD-BF62-592535B10CA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {D423DA9D-5CA2-4DFC-9AE3-523F61CAF385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA => C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-09-11] (Google Inc -> Google LLC)
Task: {E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C} => removed successfully
HKU\S-1-5-21-481291453-4015427652-3704319521-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00E659FB-BD45-4ADE-816C-F8C430846942}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E751581-3E86-4948-BEFF-8343BF568B44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07EAFE78-6A3C-4AE3-9731-E0A69C8DF815}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99081285-F744-45C9-87B1-0E3A89511BEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{969D1976-3C28-4487-B42F-0B319FA2422A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{759D858D-4AC6-404A-BE9B-893D316268F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{118904FD-34B0-4437-873D-B9D1A1C9489E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C977022C-72F6-47FD-BF62-592535B10CA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C977022C-72F6-47FD-BF62-592535B10CA1}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D423DA9D-5CA2-4DFC-9AE3-523F61CAF385}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D423DA9D-5CA2-4DFC-9AE3-523F61CAF385}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-481291453-4015427652-3704319521-1001UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8D8F5E2-2165-4EAA-9E6E-F4DB53A1F982}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF3C5612-87DA-4C1B-8DA5-7AFBB46F663C}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Product Configurator" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50855904 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 15696 B
Windows/system/drivers => 5257632 B
Edge => 1314525 B
Chrome => 335104053 B
Firefox => 0 B
Opera => 70776455 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 1159230555 B
systemprofile32 => 1159230555 B
LocalService => 1159280169 B
NetworkService => 1159282961 B
Honza => 1180753063 B

RecycleBin => 406936330 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-01-2023 11:27:36)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 11:27:37 ====

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#9 Post by Rudy »

Deleted. Has anything changed?

ramoniko
Visitor
Posts: 7
Registered: 04 Jan 2023 19:32

Re: Totally frozen PC

#10 Post by ramoniko »

it looks like it is fine

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#11 Post by Rudy »

Glad to hear it. :)

ramoniko
Visitor
Posts: 7
Registered: 04 Jan 2023 19:32

Re: Totally frozen PC

#12 Post by ramoniko »

thank you very much

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Totally frozen PC

#13 Post by Rudy »

You're welcome! :)

Locked