Computer compromised via remote access - Microsoft tech support SCAM

#1 Post by demultiplexor »

Hello,
please check the log. The computer runs Win 11 Home, 64-bit. A friend of mine gave cybercriminals access to her computer, and they then began controlling it. Unfortunately, they were also phoning her at the same time and fishing for personal data, authorization SMS codes, etc., so she has no overview of what was happening on the computer in the meantime. She realized her mistake after the attack ended and started salvaging what she could (bank accounts, resetting her phone because they installed an app there too, etc.).

The question is what to do with the computer. I would prefer to advise her to do a factory reset, but she is abroad on Erasmus and I don't know whether she would manage to set up / install everything afterwards.
For now she has at least installed an antivirus (someone tried, unsuccessfully, to remove it with a removal tool that launched after its installation), changed all the passwords she had stored on the computer, and is backing up important documents.

Thank you for any help,
Tomm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by pavel (administrator) on LAPTOP-QIORIEIS (Acer Swift SF314-41) (15-02-2023 18:56:21)
Running from C:\Users\ankos\OneDrive\Plocha
Loaded Profiles: pavel & ankos
Platform: Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe ->) (ISL Online Ltd. -> ISL Online Ltd.) C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\b\isllight.exe
(C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe ->) (ISL Online Ltd. -> ISL Online Ltd.) C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\wm_64helper.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe <12>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atieclxx.exe
(explorer.exe ->) (Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\HotAlarmClock\HotAlarmClock.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\AVAST Software\Avast\bcc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\bccavsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (GoTrustID Inc. -> GOTrustID Inc.) C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe
(services.exe ->) (GoTrustID Inc. -> GOTrustID Inc.) C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe
(services.exe ->) (ISL Online Ltd. -> ISL Online Ltd.) C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Acer Incorporated) C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe
(svchost.exe ->) (Acer Incorporated -> Microsoft) C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\AppData\Local\Microsoft\OneDrive\23.020.0125.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(wbem\unsecapp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
0 C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1140000 2020-07-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1521006093-308815858-1417735835-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-10-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ankos\AppData\Local\Microsoft\Teams\Update.exe [2585824 2022-10-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [MicrosoftEdgeAutoLaunch_EA247F8324ECDD7FC1222EB5F764B215] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243408 2023-02-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [HotAlarmClock] => C:\Program Files (x86)\HotAlarmClock\HotAlarmClock.exe [43811280 2022-02-04] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-10-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\Canon G3020 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGL.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [509952 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\WINDOWS\system32\CNMLMG3.DLL [1338368 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0565852C-60BA-4A1F-8689-D0803C156941} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268328 2020-04-15] (Acer Incorporated -> Acer Incorporated)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {077FCBF6-085B-40A0-A487-747116325702} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {115F705B-7E89-4D5B-B0E3-20AB5B600224} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FEDA6B8-D586-415F-9D49-030B53205634} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {22F4A97C-5217-4503-84CC-D3367B2A2FEC} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211368 2020-04-15] (Acer Incorporated -> Acer Incorporated)
Task: {26204DAF-9D4C-4D68-80E8-FF04B1F7F031} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {3317D577-FB56-4950-81DB-2913CFD3F225} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {3320273C-9027-402E-B8A9-1B915B8D2A0E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-02-13] (Avast Software s.r.o. -> Avast Software)
Task: {4FC5EBCD-7B00-4407-AEAE-AB7D5B8DE366} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {593EAE93-C285-46A1-ADF1-17F127781C71} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5ADBAC6D-1192-410E-A55F-12DA6D6C2EA4} - System32\Tasks\GoTrust ID Driver => C:\Program Files\GoTrust ID Plugin\Resource\GO-Trust_ID_Driver.exe [63488 2019-08-02] (GoTrustID Inc. -> )
Task: {5D420539-1FF8-4687-8B32-17C77B9C5421} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {5EDED622-9D73-4844-B894-9EADB4F1841F} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [151080 2020-06-18] (Acer Incorporated -> Microsoft)
Task: {6650717C-378E-46A0-8528-5B1EC5B7493A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {72DD19FE-2824-475C-BE77-629F676F240F} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {75DD68CD-3EDF-4133-AD7A-F5006A69F8A7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {791C9F9F-68F2-456E-A7E9-07450A6EEAD3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {834A31E5-38D5-429B-9595-A760CA19D113} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {8C7D26A5-EF7A-4CF5-924A-342D98029ED8} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {968747AE-FA83-4FDD-A1DF-DCFD286576D0} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {A78771D7-EE85-4154-8908-9FF6E16B73AC} - System32\Tasks\App Explorer => C:\Users\pavel\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7583768 2022-12-06] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {ACB3774F-6994-44D1-B6CC-5B149C4FC76C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\ankos\Downloads\MSERT.exe [133481936 2023-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB883244-D80A-440A-8905-3ED2BB0AE490} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {F1A0F744-47C2-4D0F-8231-6BE35806D5C3} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4954008 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
Task: {FFE2C10C-6385-4ADC-B322-A60827B66FA9} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1e4a36b1-8b31-4551-849e-c5ef9ebc8e5f}: [DhcpNameServer] 172.19.128.24
Tcpip\..\Interfaces\{3e158715-0a62-46c6-8a8c-d15a45a35d75}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pavel\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-13]
Edge Notifications: Default -> hxxps://www.facebook.com

FireFox:
========
FF DefaultProfile: 2hymg6l7.default
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\2hymg6l7.default [2021-06-10]
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release [2022-10-08]
FF Extension: (Amazon Assistant) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release\Extensions\abb-acer@amazon.com.xpi [2022-02-28] [UpdateUrl:hxxps://s3-us-west-2.amazonaws.com/ubp-ubpextension-us-prod/vendor-update/firefox/acer1/updates.json]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2022-10-08]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 aswBcc; C:\Program Files\Avast Software\Avast\bcc.exe [1449368 2023-02-15] (Avast Software s.r.o. -> Avast Software)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8553880 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 Avast Business Console Client Antivirus Service; C:\Program Files\Avast Software\Avast\bccavsvc.exe [6325656 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [597400 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2038168 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [597400 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ClientManager; C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe [1256344 2022-12-08] (Avast Software s.r.o. -> Avast Software)
R2 GoTrust ID Plugin; C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe [17408 2019-08-02] (GoTrustID Inc. -> GOTrustID Inc.)
R2 GoTrustID Service; C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe [246272 2019-08-02] (GoTrustID Inc. -> GOTrustID Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
R2 isl_desktop_restart_0; C:\Program Files (x86)\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe [124568 2023-02-15] (ISL Online Ltd. -> ISL Online Ltd.)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [15212856 2023-01-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [306728 2020-04-15] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2023-02-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 18:59 - 2023-02-15 18:59 - 000002402 _____ C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-02-15 18:55 - 2023-02-15 18:56 - 000000000 ____D C:\FRST
2023-02-15 18:42 - 2023-02-15 18:55 - 000000000 ____D C:\Program Files (x86)\ISL Hooks
2023-02-15 18:42 - 2023-02-15 18:42 - 000000000 ____D C:\Users\ankos\AppData\Local\ISL Online Cache
2023-02-15 18:42 - 2023-02-15 18:42 - 000000000 ____D C:\Program Files (x86)\ISL Online Cache
2023-02-15 18:37 - 2023-02-15 18:37 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-15 18:37 - 2023-02-15 18:37 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Business Security.lnk
2023-02-15 18:37 - 2023-02-15 18:37 - 000000000 ____D C:\Users\ankos\AppData\Roaming\Avast Software
2023-02-15 18:36 - 2023-02-15 18:36 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-02-15 18:35 - 2023-02-15 18:35 - 000000000 ____D C:\Program Files\AVAST Software
2023-02-15 18:35 - 2023-02-15 18:35 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-02-15 18:33 - 2023-02-15 18:33 - 000783280 _____ C:\WINDOWS\system32\perfh010.dat
2023-02-15 18:33 - 2023-02-15 18:33 - 000727012 _____ C:\WINDOWS\system32\perfh005.dat
2023-02-15 18:33 - 2023-02-15 18:33 - 000151244 _____ C:\WINDOWS\system32\perfc005.dat
2023-02-15 18:33 - 2023-02-15 18:33 - 000150404 _____ C:\WINDOWS\system32\perfc010.dat
2023-02-15 18:29 - 2023-02-15 18:34 - 632856272 _____ (Avast Software s.r.o.) C:\Users\ankos\Downloads\avast_business_agent_setup_offline.exe
2023-02-15 15:18 - 2023-02-15 15:18 - 000158107 _____ C:\Users\ankos\Downloads\Požadavek.pdf
2023-02-13 21:52 - 2023-02-13 21:52 - 000000020 ___SH C:\Users\pavel\ntuser.ini
2023-02-13 21:34 - 2023-02-13 21:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-02-13 21:32 - 2023-02-13 21:32 - 000000020 ___SH C:\Users\ankos\ntuser.ini
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Šablony
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Poslední
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Okolní síť
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Dokumenty
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Data aplikací
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Šablony
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Plocha
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Dokumenty
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Data aplikací
2023-02-13 21:31 - 2023-02-15 18:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-13 21:31 - 2023-02-13 21:31 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2023-02-13 21:31 - 2023-02-13 21:31 - 000017148 _____ C:\WINDOWS\diagerr.xml
2023-02-13 21:31 - 2023-02-13 21:31 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2023-02-13 21:31 - 2023-02-13 21:31 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2023-02-13 21:31 - 2023-02-13 21:31 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250
2023-02-13 21:31 - 2023-02-13 21:31 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-13 21:31 - 2023-02-13 21:31 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-13 21:31 - 2023-02-13 21:31 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1521006093-308815858-1417735835-1002
2023-02-13 21:31 - 2023-02-13 21:31 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1521006093-308815858-1417735835-1001
2023-02-13 21:31 - 2023-02-13 21:31 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-1002
2023-02-13 21:31 - 2023-02-13 21:31 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-1001
2023-02-13 21:31 - 2023-02-13 21:31 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-500
2023-02-13 21:31 - 2023-02-13 21:31 - 000002782 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2023-02-13 21:31 - 2023-02-13 21:31 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC
2023-02-13 21:31 - 2023-02-13 21:31 - 000002712 _____ C:\WINDOWS\system32\Tasks\UEIPInvitation
2023-02-13 21:31 - 2023-02-13 21:31 - 000002486 _____ C:\WINDOWS\system32\Tasks\StorPSCTL
2023-02-13 21:31 - 2023-02-13 21:31 - 000002408 _____ C:\WINDOWS\system32\Tasks\GoTrust ID Driver
2023-02-13 21:31 - 2023-02-13 21:31 - 000002408 _____ C:\WINDOWS\system32\Tasks\App Explorer
2023-02-13 21:31 - 2023-02-13 21:31 - 000002362 _____ C:\WINDOWS\system32\Tasks\Quick Access Wi-Fi Power Switch
2023-02-13 21:31 - 2023-02-13 21:31 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2023-02-13 21:31 - 2023-02-13 21:31 - 000002296 _____ C:\WINDOWS\system32\Tasks\Power Button
2023-02-13 21:31 - 2023-02-13 21:31 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-02-13 21:30 - 2023-02-15 18:33 - 002651642 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-13 21:22 - 2023-02-13 21:52 - 000000000 ____D C:\Users\pavel
2023-02-13 21:22 - 2023-02-13 21:32 - 000000000 ____D C:\Users\ankos
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Šablony
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Soubory cookie
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Poslední
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Okolní tiskárny
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Okolní síť
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Nabídka Start
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Dokumenty
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\AppData\Local\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Šablony
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Soubory cookie
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Poslední
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Okolní tiskárny
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Okolní síť
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Nabídka Start
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Dokumenty
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\AppData\Local\Data aplikací
2023-02-13 21:21 - 2023-02-15 15:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-13 21:21 - 2023-02-13 21:32 - 000000000 ____D C:\Windows.old
2023-02-13 21:21 - 2023-02-13 21:21 - 000471152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-13 21:21 - 2023-02-13 21:21 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-02-13 21:17 - 2023-02-13 21:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-02-13 21:16 - 2023-02-13 21:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\addins
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files\MSBuild
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-02-13 19:25 - 2023-02-13 19:25 - 000000000 ____D C:\WINDOWS\SysWOW64\it
2023-02-13 19:25 - 2023-02-13 19:25 - 000000000 ____D C:\WINDOWS\system32\it
2023-02-13 19:12 - 2023-02-15 18:26 - 000000000 ____D C:\Users\pavel\AppData\Local\Avast Software
2023-02-13 19:11 - 2023-02-13 19:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-02-13 18:54 - 2023-02-13 18:54 - 000413585 _____ C:\Users\ankos\Downloads\LETAK_-_Ohlaseni_ztraty_nebo_odcizeni_CD-2019.pdf
2023-02-13 18:53 - 2023-02-13 18:53 - 000139476 _____ C:\Users\ankos\Downloads\LETAK_-_Pouceni_pro_drzitele_obcanskeho_prukazu.pdf
2023-02-13 18:44 - 2023-02-13 21:32 - 000000000 ___DC C:\WINDOWS\Panther
2023-02-13 16:15 - 2023-02-15 18:26 - 000000000 ____D C:\Users\ankos\AppData\Local\Avast Software
2023-02-13 16:09 - 2023-02-13 16:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-02-13 16:07 - 2023-02-15 18:37 - 000000000 ____D C:\ProgramData\Avast Software
2023-02-13 15:56 - 2023-02-13 15:56 - 000007607 _____ C:\Users\pavel\AppData\Local\Resmon.ResmonCfg
2023-02-13 14:54 - 2023-02-13 14:54 - 000000000 ____D C:\Users\ankos\Tracing
2023-02-13 13:23 - 2023-02-15 18:26 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-02-13 13:23 - 2023-02-13 13:23 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2023-02-13 13:14 - 2023-02-13 13:14 - 014999824 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ankos\Downloads\avgclear.exe
2023-02-13 12:03 - 2023-02-13 12:03 - 000000052 _____ C:\Users\ankos\AppData\Local\xx.ini
2023-02-13 12:02 - 2023-02-13 12:03 - 000000000 ____D C:\Users\ankos\AppData\Local\Alpemix
2023-02-13 12:02 - 2023-02-13 12:02 - 001772752 _____ (Teknopars Bilisim) C:\Users\ankos\Downloads\Alpemix.exe
2023-02-13 11:52 - 2023-02-13 11:54 - 000000000 ____D C:\Users\ankos\AppData\Roaming\AnyDesk
2023-02-13 11:48 - 2023-02-13 13:26 - 000000000 ____D C:\Users\ankos\AppData\Local\TeamViewer
2023-02-12 23:14 - 2023-02-12 23:14 - 000324953 _____ C:\Users\ankos\Downloads\Realism and Dialectic_Novel_Ercolino.pdf
2023-02-12 23:07 - 2023-02-12 23:07 - 000761535 _____ C:\Users\ankos\Downloads\Additional Compulsory Readings-20230212.zip
2023-02-12 19:04 - 2023-02-12 19:05 - 037410914 _____ C:\Users\ankos\Downloads\Postcolonial First and Second class slides.pdf
2023-02-06 13:27 - 2023-02-06 13:27 - 000065566 _____ C:\Users\ankos\Downloads\CertificatodiiscrizioneinlinguaInglese.pdf
2023-02-06 13:22 - 2023-02-06 13:22 - 002872298 _____ C:\Users\ankos\Downloads\Online Study Plan_UPDATED.pdf
2023-02-04 10:51 - 2023-02-04 10:51 - 000779546 _____ C:\Users\ankos\Downloads\GUIDELINES ON THE ACCOUNT UNIVE.pdf
2023-02-04 10:50 - 2023-02-04 10:50 - 000196508 _____ C:\Users\ankos\Downloads\How to book your Welcome KIt.pdf
2023-02-04 01:16 - 2023-02-13 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot Alarm Clock
2023-02-04 01:16 - 2023-02-11 14:49 - 000000000 ____D C:\Users\ankos\AppData\Roaming\HotAlarmClock
2023-02-04 01:16 - 2023-02-04 01:16 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot Alarm Clock.lnk
2023-02-04 01:16 - 2023-02-04 01:16 - 000000000 ____D C:\Program Files (x86)\HotAlarmClock
2023-02-04 01:15 - 2023-02-04 01:15 - 022513360 _____ (Comfort Software Group ) C:\Users\ankos\Downloads\HotAlarmClockSetup.exe
2023-02-01 19:33 - 2023-02-01 19:33 - 000672340 _____ C:\Users\ankos\Downloads\confirmation.pdf
2023-02-01 19:19 - 2023-02-13 17:11 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-01 19:12 - 2023-02-01 20:47 - 000319147 _____ C:\Users\ankos\Downloads\contract.pdf
2023-01-31 16:50 - 2023-01-31 16:50 - 012407173 _____ C:\Users\ankos\Downloads\Pantomima.pptx
2023-01-29 19:53 - 2023-01-29 19:53 - 000339514 _____ C:\Users\ankos\Downloads\ucastnicka-smlouva-anna-1.pdf
2023-01-29 19:50 - 2023-01-29 19:50 - 000124845 _____ C:\Users\ankos\Downloads\zadost-o-priznani-stipendia-universal-anna.pdf
2023-01-29 19:42 - 2023-01-29 19:42 - 000085705 _____ C:\Users\ankos\Downloads\cestne-prohlaseni-anna.pdf
2023-01-29 19:42 - 2023-01-29 19:42 - 000072396 _____ C:\Users\ankos\OneDrive\Dokumenty\Microsoft Word - cestne-prohlaseni-anna-.docx - cestne-prohlaseni-anna.pdf
2023-01-27 12:13 - 2023-01-27 12:13 - 000339514 _____ C:\Users\ankos\Downloads\ucastnicka-smlouva-anna.pdf
2023-01-26 22:19 - 2023-01-26 22:19 - 000596111 _____ C:\Users\ankos\Downloads\131001-monography.mobi
2023-01-25 11:27 - 2023-01-25 11:27 - 000374597 _____ C:\Users\ankos\Downloads\Writing an Essay.pptx
2023-01-22 21:17 - 2023-01-22 21:17 - 000205689 _____ C:\Users\ankos\Downloads\InternationalWelcomeWeek_IncomingExchange_Spring23-1.pdf
2023-01-16 19:11 - 2023-01-16 19:11 - 000000000 ___HD C:\$WinREAgent
2023-01-16 18:19 - 2023-01-16 18:19 - 000224963 _____ C:\Users\ankos\Downloads\Šest-procházek-literárními-lesy-1.pdf
2023-01-16 17:06 - 2023-01-16 17:06 - 000224963 _____ C:\Users\ankos\Downloads\Šest-procházek-literárními-lesy.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-15 18:56 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-15 18:48 - 2021-06-10 21:56 - 000000000 ____D C:\Users\pavel\AppData\Local\D3DSCache
2023-02-15 18:36 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-15 18:33 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-15 18:29 - 2022-02-15 14:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-15 18:28 - 2022-12-15 09:49 - 000000000 ___RD C:\Users\ankos\OneDrive - MUNI
2023-02-15 18:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-15 18:28 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-15 18:28 - 2021-11-07 14:19 - 000000000 ____D C:\Users\ankos\AppData\LocalLow\Mozilla
2023-02-15 18:28 - 2021-11-07 14:04 - 000000000 ___RD C:\Users\ankos\OneDrive
2023-02-15 18:26 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-15 18:26 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-15 18:26 - 2021-01-07 01:37 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-15 18:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-15 18:21 - 2021-11-07 13:59 - 000000000 ____D C:\Users\ankos\AppData\Local\D3DSCache
2023-02-15 18:20 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-15 15:18 - 2021-01-07 01:42 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-14 00:51 - 2021-06-11 13:48 - 000000000 ____D C:\Users\pavel\AppData\Local\Host App Service
2023-02-13 23:55 - 2021-06-10 21:58 - 000000000 ___RD C:\Users\pavel\OneDrive
2023-02-13 23:43 - 2021-06-10 21:56 - 000000000 ____D C:\Users\pavel\AppData\Local\Packages
2023-02-13 23:42 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-13 23:38 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-13 23:38 - 2021-01-07 01:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-13 21:52 - 2021-11-07 13:59 - 000000000 ____D C:\Users\ankos\AppData\Local\Packages
2023-02-13 21:52 - 2021-06-10 21:59 - 000000000 ____D C:\ProgramData\Packages
2023-02-13 21:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-13 21:34 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-02-13 21:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-13 21:32 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT
2023-02-13 21:27 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-02-13 21:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Media
2023-02-13 21:24 - 2022-05-18 19:54 - 000000000 ____D C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-02-13 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-02-13 21:24 - 2022-01-06 17:21 - 000000000 ____D C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-02-13 21:21 - 2022-09-05 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2023-02-13 21:21 - 2022-05-18 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-02-13 21:21 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2023-02-13 21:21 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-02-13 21:21 - 2021-10-13 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Příručka Canon TS3300 series
2023-02-13 21:21 - 2021-10-13 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2023-02-13 21:21 - 2021-07-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-13 21:21 - 2021-06-13 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-02-13 21:21 - 2021-06-11 13:29 - 000000000 ____D C:\WINDOWS\oem
2023-02-13 21:21 - 2021-01-07 02:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2023-02-13 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-02-13 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-02-13 21:20 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-02-13 21:17 - 2021-01-07 01:47 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-02-13 20:51 - 2021-07-02 22:24 - 000000000 ____D C:\Users\pavel\AppData\Local\CrashDumps
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-02-13 20:11 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-02-13 20:11 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-02-13 19:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2023-02-13 19:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-02-13 19:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-02-13 19:28 - 2022-05-07 11:14 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-02-13 19:28 - 2022-05-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-02-13 19:28 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\IME
2023-02-13 18:57 - 2021-01-07 02:03 - 000000000 ____D C:\ProgramData\Acer
2023-02-13 18:38 - 2021-06-11 13:48 - 000002381 _____ C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-13 18:37 - 2021-07-01 18:30 - 000000000 ____D C:\ProgramData\AVG
2023-02-13 17:16 - 2021-11-07 13:58 - 000002381 _____ C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-13 17:11 - 2021-01-07 02:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-05 01:17 - 2021-10-13 22:23 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-02-03 11:17 - 2021-01-07 02:06 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-31 16:53 - 2021-07-01 18:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-01-29 19:51 - 2022-12-05 16:36 - 000000000 ____D C:\Users\ankos\AppData\Local\CrashDumps
2023-01-27 08:07 - 2022-03-22 09:09 - 000000000 ____D C:\Users\ankos\OneDrive\Dokumenty\Česká literatura 19. století
2023-01-25 13:10 - 2021-06-18 08:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-16 18:58 - 2021-07-01 17:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-16 18:55 - 2021-07-01 17:37 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2023-02-13 15:56 - 2023-02-13 15:56 - 000007607 _____ () C:\Users\pavel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by pavel (15-02-2023 19:01:05)
Running from C:\Users\ankos\OneDrive\Plocha
Microsoft Windows 11 Home Version 22H2 22621.1105 (X64) (2023-02-13 20:32:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1521006093-308815858-1417735835-500 - Administrator - Disabled)
ankos (S-1-5-21-1521006093-308815858-1417735835-1002 - Limited - Enabled) => C:\Users\ankos
DefaultAccount (S-1-5-21-1521006093-308815858-1417735835-503 - Limited - Disabled)
Guest (S-1-5-21-1521006093-308815858-1417735835-501 - Limited - Disabled)
pavel (S-1-5-21-1521006093-308815858-1417735835-1001 - Administrator - Enabled) => C:\Users\pavel
WDAGUtilityAccount (S-1-5-21-1521006093-308815858-1417735835-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Ultra (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: Norton Security Ultra (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
App Explorer (HKU\S-1-5-21-1521006093-308815858-1417735835-1001\...\Host App Service) (Version: 0.273.4.604 - SweetLabs) <==== ATTENTION
App Explorer (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Host App Service) (Version: 0.273.4.346 - SweetLabs) <==== ATTENTION
Avast Business (HKLM-x32\...\Avast Business) (Version: 22.8.1229 - AVAST Software)
Avast Business Security (HKLM\...\Avast Antivirus) (Version: 22.12.2733 - Avast Software) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TS3300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS3300_series) (Version: 1.01 - Canon Inc.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
GoTrust ID Plugin 2.0.10.26 (HKLM\...\GoTrust ID Plugin) (Version: 2.0.10.26 - GoTrust ID Inc.)
Hot Alarm Clock (HKLM-x32\...\{672C1EE5-D13F-4EDB-A8CA-26711696C040}_is1) (Version: 6.3.0.0 - Comfort Software Group)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.46 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1521006093-308815858-1417735835-1001\...\OneDriveSetup.exe) (Version: 23.020.0125.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\OneDriveSetup.exe) (Version: 23.020.0125.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Teams) (Version: 1.6.00.1381 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 109.0.1 (x64 en-US)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
Registrace tiskárny (HKLM-x32\...\Canon EISRegistration) (Version: 1.8.0 - Canon Inc.)
Skype verze 8.89 (HKLM-x32\...\Skype_is1) (Version: 8.89 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.38.3 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3114 - Acer Incorporated)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-11-19] (Acer Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2021-11-07] (Advanced Micro Devices Inc.) [Startup Task]
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-11-07] (Canon Inc.)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-01-18] (Acer Incorporated)
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.2.8.0_neutral__yxz26nhyzhsrt [2023-02-13] (Microsoft Corp.)
Cribbage Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.CribbageDeluxe_2.12.147.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.5.0_x64__xbfy0k16fey96 [2023-02-13] (Dropbox Inc.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.53.2.0_x64__q4d96b2w5wcc2 [2023-02-13] (Evernote) [Startup Task]
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2023-02-13] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1760.12.101.0_x64__8xx8rvfyw5nnt [2023-02-13] (Meta) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corp.)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.5.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.30391.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-13] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.6428.0_x64__ypz87dpxkv292 [2021-11-07] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2021-11-07] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-08-20] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2022-04-22] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Simple Spider Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSpiderSolitaire_3.8.35.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Studios) [MS Ad]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3114.0_x64__48frkmn4z8aw4 [2021-11-07] (Acer Incorporated)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-02-13] (Microsoft Windows)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{04271989-C4D2-3DF9-F58C-BACBC00F0DA1} -> [OneDrive - MUNI] => C:\Users\ankos\OneDrive - MUNI [2022-12-15 09:49]
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ankos\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-10-13 22:28 - 2017-11-02 14:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_CSY.DLL
2021-10-13 22:28 - 2017-11-02 14:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2023-02-04 01:16 - 2018-06-08 13:09 - 000149845 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\HotAlarmClock\bass_aac.dll
2023-02-04 01:16 - 2019-12-17 14:16 - 000128181 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bass.dll
2023-02-04 01:16 - 2016-02-02 17:21 - 000011532 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bassalac.dll
2023-02-04 01:16 - 2020-12-04 14:04 - 000029452 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bassflac.dll
2023-02-04 01:16 - 2016-04-04 12:22 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\basswma.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClientManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\isl_desktop_restart_0 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-12-16 20:52 - 2021-12-16 20:54 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1521006093-308815858-1417735835-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7DD6B658-1EA2-4E59-9565-2578509F4D71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69122A45-EDC7-4872-AE0B-72C4A762B465}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E56CF351-A2FE-43DE-903D-03143D680273}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C58B5D37-3451-4C32-95A9-75134A9A0614}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AEB5F3A5-D386-4A5B-B8E4-9CE6FBBBDF85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2E3BFFAE-287D-4F0A-909D-0BFB8EAD5B12}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{22E90FB8-B628-4564-8D0C-441B799A9BDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DCD66C9F-167C-4BDC-86DA-B32C97633105}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D2F95B8D-0221-4A5E-AAC7-AA79426B5CBA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0079E2E8-C117-49F7-B178-5229D8C98850}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10A69F19-A677-4CA8-87A1-836436F409CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B24997FA-F896-47D9-A913-8ACCB5B7E1BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B798F947-FDD6-42DC-916C-C9DC17DB87A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{57FD830A-EEE3-4634-9888-7D5E93358112}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27CC41F5-F4D1-4E5B-9919-00F152CBEBD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FD325DCF-533F-4EB8-AD01-4BC637764110}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D61662B0-3E42-49DB-86A5-0DBCF95D4642}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.204.912.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{500F0C26-2150-4FB5-AE5F-7291FDF99E06}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C9580D4-94B3-4DC4-BA58-47C235277A2B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B79EE057-5F68-4470-9153-7C9C62E5D7C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{157B0300-96D1-40E2-9907-18B177343897}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33B61FCA-D5FE-447C-8FB3-B9CC69B55EAC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB024CB9-30DF-4A33-BCC9-4BC098CC4201}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A2489D0-FEB6-4D2F-B6F7-69C43FB7D27F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{96C5A29C-2A9F-4A94-9150-64FD7903E5D7}] => (Allow) C:\Program Files\AVG\Antivirus\x86\avgAdminClientService.exe => No File
FirewallRules: [{86A04CDC-BFB7-4869-9E6E-D61B6AC98C91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6B6396FA-2EA5-4C0B-AB9B-F280670F02A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9544704F-9155-489A-BC53-463813DF879A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1267DF77-3992-4DF7-AFC5-411BA57510F9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C3DF4A5-3681-4981-AB46-F8DF887AEE6F}] => (Allow) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe (Avast Software s.r.o. -> Avast Software)
FirewallRules: [{06D8BF00-60D5-4D2B-82B6-03748E6D6410}] => (Allow) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe (Avast Software s.r.o. -> Avast Software)
FirewallRules: [{F9DD892F-B601-4081-A2CF-3B9D028C0369}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1F2DB6F0-0146-44F5-B83A-B67529CF93A2}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

13-02-2023 21:49:01 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/15/2023 06:26:24 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-QIORIEIS$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/15/2023 06:26:24 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/15/2023 03:20:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-QIORIEIS$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/15/2023 03:20:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/13/2023 11:41:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-QIORIEIS$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/13/2023 11:41:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(140ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/13/2023 11:09:50 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Sběr dat čítače výkonu od služby Lsa byl vypnut z důvodu jedné nebo více chyb generovaných knihovnou čítače výkonu pro tuto službu. Chyby, které vyvolaly tuto akci, byly zapsány do protokolu událostí aplikace. Opravte tyto chyby před novým zapnutím čítačů výkonu pro tuto službu.

Error: (02/13/2023 11:09:50 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1005) (User: NT AUTHORITY)
Description: Pokus o vyhledání procedury Open OpenLsaPerformanceData v knihovně DLL C:\Windows\System32\Secur32.dll pro službu Lsa selhal s kódem chyby Win32 127. Data o výkonu pro tuto službu nebudou k dispozici.


System errors:
=============
Error: (02/15/2023 06:25:59 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (02/15/2023 06:21:48 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QIORIEIS)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/15/2023 03:20:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Update se po přijetí pokynu pro vypnutí neukončila správně.

Error: (02/14/2023 01:57:42 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QIORIEIS)
Description: Server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/13/2023 09:50:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.

Error: (02/13/2023 09:50:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJBH4-Microsoft.Windows.Photos.

Error: (02/13/2023 09:23:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba seznamu sítí byla ukončena s následující chybou:
Zařízení není připraveno.

Error: (02/13/2023 09:23:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {A47979D2-C419-11D9-A5B4-001185AD2B89} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===============
Date: 2023-02-15 18:38:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.08 10/15/2020
Motherboard: PK Strongbow_PK
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 72%
Total physical RAM: 6071.51 MB
Available physical RAM: 1684.02 MB
Total Virtual: 24503.51 MB
Available Virtual: 17356.5 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:330.84 GB) (Model: HFM512GDJTNG-8310A) NTFS

\\?\Volume{7fe874d7-d37f-49fb-81d7-cf28bc2aabcd}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.48 GB) NTFS
\\?\Volume{d103ee38-e7f0-44a8-9a5c-f20179e219ea}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: ADFCE335)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118197
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Computer compromised via remote access - Microsoft tech support SCAM

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

demultiplexor
Visitor
Posts: 5
Joined: 15 Feb 2023 19:17

Re: Computer compromised via remote access - Microsoft tech support SCAM

#3 Post by demultiplexor »

Thank you for the reply.

Log from AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-17-2023
# Duration: 00:00:01
# OS: Windows 11 (Build 22621.1105)
# Cleaned: 21
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Public\App Explorer
Deleted C:\Users\ankos\AppData\Local\Host App Service
Deleted C:\Users\pavel\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Deleted C:\Users\ankos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Booking.com.lnk
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\APP EXPLORER

***** [ Registry ] *****

Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A78771D7-EE85-4154-8908-9FF6E16B73AC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKU\S-1-5-21-1521006093-308815858-1417735835-1002\Software\App Host Service
Deleted HKU\S-1-5-21-1521006093-308815858-1417735835-1002\Software\Host App Service
Deleted HKU\S-1-5-21-1521006093-308815858-1417735835-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Amazon Assistant - abb-acer@amazon.com
Deleted Amazon Assistant - abb-acer@amazon.com

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7068 octets] - [17/02/2023 18:52:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118197
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Computer compromised via remote access - Microsoft tech support SCAM

#4 Post by Rudy »

OK. Please post new FRST + Addition logs.

demultiplexor
Visitor
Posts: 5
Joined: 15 Feb 2023 19:17

Re: Computer compromised via remote access - Microsoft tech support SCAM

#5 Post by demultiplexor »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2023
Ran by pavel (administrator) on LAPTOP-QIORIEIS (Acer Swift SF314-41) (24-02-2023 19:27:39)
Running from C:\Users\ankos\OneDrive\Plocha
Loaded Profiles: pavel & ankos
Platform: Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe <6>
(C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Poskytovatel Windows (R) Win 7 DDK) C:\Windows\UUS\amd64\MoNotificationUx.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atieclxx.exe
(explorer.exe ->) (Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\HotAlarmClock\HotAlarmClock.exe
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\AppData\Local\Microsoft\OneDrive\23.023.0129.0002\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0357391.inf_amd64_623c134c11eca761\B356989\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\AVAST Software\Avast\bcc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\bccavsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (GoTrustID Inc. -> GOTrustID Inc.) C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe
(services.exe ->) (GoTrustID Inc. -> GOTrustID Inc.) C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe
(svchost.exe ->) (Acer Incorporated -> Microsoft) C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\AppData\Local\Microsoft\OneDrive\23.023.0129.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ankos\Downloads\MSERT.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.1271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1140000 2020-07-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\Installer\setup.exe [4083104 2023-02-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1521006093-308815858-1417735835-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-10-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ankos\AppData\Local\Microsoft\Teams\Update.exe [2587456 2023-02-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [HotAlarmClock] => C:\Program Files (x86)\HotAlarmClock\HotAlarmClock.exe [43811280 2022-02-04] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123150712 2022-10-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Windows x64\Print Processors\Canon G3020 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGL.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [509952 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\WINDOWS\system32\CNMLMG3.DLL [1338368 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0565852C-60BA-4A1F-8689-D0803C156941} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268328 2020-04-15] (Acer Incorporated -> Acer Incorporated)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {077FCBF6-085B-40A0-A487-747116325702} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41632 2021-12-30] (Acer Incorporated -> )
Task: {115F705B-7E89-4D5B-B0E3-20AB5B600224} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FEDA6B8-D586-415F-9D49-030B53205634} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {22F4A97C-5217-4503-84CC-D3367B2A2FEC} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211368 2020-04-15] (Acer Incorporated -> Acer Incorporated)
Task: {2836C18A-6A32-4DF1-AECF-F6D599B7CC9F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {3317D577-FB56-4950-81DB-2913CFD3F225} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2971808 2021-12-30] (Acer Incorporated -> )
Task: {3320273C-9027-402E-B8A9-1B915B8D2A0E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-02-13] (Avast Software s.r.o. -> Avast Software)
Task: {52F1A838-95DD-48DC-8DD2-90A6BD99CEF9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {5ADBAC6D-1192-410E-A55F-12DA6D6C2EA4} - System32\Tasks\GoTrust ID Driver => C:\Program Files\GoTrust ID Plugin\Resource\GO-Trust_ID_Driver.exe [63488 2019-08-02] (GoTrustID Inc. -> )
Task: {5D420539-1FF8-4687-8B32-17C77B9C5421} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {5EDED622-9D73-4844-B894-9EADB4F1841F} - System32\Tasks\StorPSCTL => C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe [151080 2020-06-18] (Acer Incorporated -> Microsoft)
Task: {72DD19FE-2824-475C-BE77-629F676F240F} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {75DD68CD-3EDF-4133-AD7A-F5006A69F8A7} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {791C9F9F-68F2-456E-A7E9-07450A6EEAD3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {834A31E5-38D5-429B-9595-A760CA19D113} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {8C7D26A5-EF7A-4CF5-924A-342D98029ED8} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
Task: {968747AE-FA83-4FDD-A1DF-DCFD286576D0} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4836512 2021-12-30] (Acer Incorporated -> )
Task: {ACB3774F-6994-44D1-B6CC-5B149C4FC76C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Users\ankos\Downloads\MSERT.exe [133481936 2023-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD7C6082-674F-4E05-8475-4B84624A97ED} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7557256-7BF0-4D0D-A379-0303631CB212} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {F1A0F744-47C2-4D0F-8231-6BE35806D5C3} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4954008 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
Task: {F3DB50F1-4D3F-475C-AD20-EF335B6408F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFE2C10C-6385-4ADC-B322-A60827B66FA9} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1e4a36b1-8b31-4551-849e-c5ef9ebc8e5f}: [DhcpNameServer] 172.19.128.24
Tcpip\..\Interfaces\{3e158715-0a62-46c6-8a8c-d15a45a35d75}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pavel\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-13]
Edge Notifications: Default -> hxxps://www.facebook.com

FireFox:
========
FF DefaultProfile: 2hymg6l7.default
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\2hymg6l7.default [2021-06-10]
FF ProfilePath: C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release [2022-10-08]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2022-10-08]
FF Extension: (Avast Online Security & Privacy) - C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\fru9anm0.default-release\Extensions\wrc@avast.com.xpi [2023-02-15]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [259232 2021-12-30] (Acer Incorporated -> Acer Incorporated)
R2 aswBcc; C:\Program Files\Avast Software\Avast\bcc.exe [1449368 2023-02-15] (Avast Software s.r.o. -> Avast Software)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8553880 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 Avast Business Console Client Antivirus Service; C:\Program Files\Avast Software\Avast\bccavsvc.exe [6325656 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [597400 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2038168 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [597400 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-02-15] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12554240 2023-02-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ClientManager; C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe [1256344 2022-12-08] (Avast Software s.r.o. -> Avast Software)
R2 GoTrust ID Plugin; C:\Program Files\GoTrust ID Plugin\GoTrust ID Plugin\GTFidoService.exe [17408 2019-08-02] (GoTrustID Inc. -> GOTrustID Inc.)
R2 GoTrustID Service; C:\Program Files\GoTrust ID Plugin\Bridge_Service.exe [246272 2019-08-02] (GoTrustID Inc. -> GOTrustID Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [15212856 2023-01-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [306728 2020-04-15] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-17] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2022-06-02] (Acer Incorporated -> Acer Incorporated)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2023-02-13] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 19:24 - 2023-02-24 19:24 - 000000000 ___HD C:\$AV_ASW
2023-02-24 12:19 - 2023-02-24 12:19 - 001155681 _____ C:\Users\ankos\Downloads\3a - Hesiod Theogony.pdf
2023-02-24 12:19 - 2023-02-24 12:19 - 000060109 _____ C:\Users\ankos\Downloads\3b - Lucretius, The Nature of Things.pdf
2023-02-18 19:59 - 2023-02-18 19:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-18 19:55 - 2023-02-18 19:55 - 000783280 _____ C:\WINDOWS\system32\perfh010.dat
2023-02-18 19:55 - 2023-02-18 19:55 - 000727012 _____ C:\WINDOWS\system32\perfh005.dat
2023-02-18 19:55 - 2023-02-18 19:55 - 000151244 _____ C:\WINDOWS\system32\perfc005.dat
2023-02-18 19:55 - 2023-02-18 19:55 - 000150404 _____ C:\WINDOWS\system32\perfc010.dat
2023-02-18 14:31 - 2023-02-18 14:32 - 000000000 ____D C:\WINDOWS\Minidump
2023-02-17 19:34 - 2023-02-18 14:29 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-17 18:48 - 2023-02-17 18:48 - 000000000 ___HD C:\$WinREAgent
2023-02-17 18:44 - 2023-02-17 18:53 - 000000000 ____D C:\AdwCleaner
2023-02-17 18:43 - 2023-02-17 18:43 - 008791352 _____ (Malwarebytes) C:\Users\ankos\Downloads\adwcleaner.exe
2023-02-15 18:59 - 2023-02-15 18:59 - 000002402 _____ C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-02-15 18:55 - 2023-02-24 19:27 - 000000000 ____D C:\FRST
2023-02-15 18:42 - 2023-02-17 18:55 - 000000000 ____D C:\Program Files (x86)\ISL Hooks
2023-02-15 18:42 - 2023-02-15 18:42 - 000000000 ____D C:\Users\ankos\AppData\Local\ISL Online Cache
2023-02-15 18:42 - 2023-02-15 18:42 - 000000000 ____D C:\Program Files (x86)\ISL Online Cache
2023-02-15 18:37 - 2023-02-24 19:06 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-15 18:37 - 2023-02-15 18:37 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Business Security.lnk
2023-02-15 18:37 - 2023-02-15 18:37 - 000000000 ____D C:\Users\ankos\AppData\Roaming\Avast Software
2023-02-15 18:36 - 2023-02-15 18:36 - 000273816 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-02-15 18:35 - 2023-02-15 18:35 - 000000000 ____D C:\Program Files\AVAST Software
2023-02-15 18:35 - 2023-02-15 18:35 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-02-15 18:29 - 2023-02-15 18:34 - 632856272 _____ (Avast Software s.r.o.) C:\Users\ankos\Downloads\avast_business_agent_setup_offline.exe
2023-02-15 15:18 - 2023-02-15 15:18 - 000158107 _____ C:\Users\ankos\Downloads\Požadavek.pdf
2023-02-13 21:52 - 2023-02-13 21:52 - 000000020 ___SH C:\Users\pavel\ntuser.ini
2023-02-13 21:34 - 2023-02-13 21:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-02-13 21:32 - 2023-02-13 21:32 - 000000020 ___SH C:\Users\ankos\ntuser.ini
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Šablony
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Poslední
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Okolní síť
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Dokumenty
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\Data aplikací
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Šablony
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Plocha
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Dokumenty
2023-02-13 21:32 - 2023-02-13 21:32 - 000000000 _SHDL C:\ProgramData\Data aplikací
2023-02-13 21:31 - 2023-02-18 14:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-13 21:31 - 2023-02-17 18:31 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1521006093-308815858-1417735835-1002
2023-02-13 21:31 - 2023-02-17 18:31 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-1002
2023-02-13 21:31 - 2023-02-13 21:31 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2023-02-13 21:31 - 2023-02-13 21:31 - 000017148 _____ C:\WINDOWS\diagerr.xml
2023-02-13 21:31 - 2023-02-13 21:31 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2023-02-13 21:31 - 2023-02-13 21:31 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2023-02-13 21:31 - 2023-02-13 21:31 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250
2023-02-13 21:31 - 2023-02-13 21:31 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-13 21:31 - 2023-02-13 21:31 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-13 21:31 - 2023-02-13 21:31 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1521006093-308815858-1417735835-1001
2023-02-13 21:31 - 2023-02-13 21:31 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-1001
2023-02-13 21:31 - 2023-02-13 21:31 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1521006093-308815858-1417735835-500
2023-02-13 21:31 - 2023-02-13 21:31 - 000002782 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2023-02-13 21:31 - 2023-02-13 21:31 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC
2023-02-13 21:31 - 2023-02-13 21:31 - 000002712 _____ C:\WINDOWS\system32\Tasks\UEIPInvitation
2023-02-13 21:31 - 2023-02-13 21:31 - 000002486 _____ C:\WINDOWS\system32\Tasks\StorPSCTL
2023-02-13 21:31 - 2023-02-13 21:31 - 000002408 _____ C:\WINDOWS\system32\Tasks\GoTrust ID Driver
2023-02-13 21:31 - 2023-02-13 21:31 - 000002362 _____ C:\WINDOWS\system32\Tasks\Quick Access Wi-Fi Power Switch
2023-02-13 21:31 - 2023-02-13 21:31 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2023-02-13 21:31 - 2023-02-13 21:31 - 000002296 _____ C:\WINDOWS\system32\Tasks\Power Button
2023-02-13 21:31 - 2023-02-13 21:31 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2023-02-13 21:31 - 2023-02-13 21:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-02-13 21:30 - 2023-02-18 19:55 - 002651642 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-13 21:22 - 2023-02-13 21:52 - 000000000 ____D C:\Users\pavel
2023-02-13 21:22 - 2023-02-13 21:32 - 000000000 ____D C:\Users\ankos
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Šablony
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Soubory cookie
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Poslední
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Okolní tiskárny
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Okolní síť
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Nabídka Start
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Dokumenty
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\pavel\AppData\Local\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Šablony
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Soubory cookie
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Poslední
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Okolní tiskárny
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Okolní síť
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Nabídka Start
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Dokumenty
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\Data aplikací
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-13 21:22 - 2023-02-13 21:22 - 000000000 _SHDL C:\Users\ankos\AppData\Local\Data aplikací
2023-02-13 21:21 - 2023-02-22 18:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-13 21:21 - 2023-02-17 19:34 - 000471152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-13 21:21 - 2023-02-13 21:32 - 000000000 ____D C:\Windows.old
2023-02-13 21:21 - 2023-02-13 21:21 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-02-13 21:17 - 2023-02-13 21:21 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-02-13 21:16 - 2023-02-13 21:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-02-13 19:41 - 2023-02-13 19:41 - 000000000 ____D C:\WINDOWS\addins
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files\MSBuild
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-02-13 19:30 - 2023-02-13 19:30 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-02-13 19:25 - 2023-02-13 19:25 - 000000000 ____D C:\WINDOWS\SysWOW64\it
2023-02-13 19:25 - 2023-02-13 19:25 - 000000000 ____D C:\WINDOWS\system32\it
2023-02-13 19:12 - 2023-02-15 18:26 - 000000000 ____D C:\Users\pavel\AppData\Local\Avast Software
2023-02-13 19:11 - 2023-02-13 19:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-02-13 18:54 - 2023-02-13 18:54 - 000413585 _____ C:\Users\ankos\Downloads\LETAK_-_Ohlaseni_ztraty_nebo_odcizeni_CD-2019.pdf
2023-02-13 18:53 - 2023-02-13 18:53 - 000139476 _____ C:\Users\ankos\Downloads\LETAK_-_Pouceni_pro_drzitele_obcanskeho_prukazu.pdf
2023-02-13 18:44 - 2023-02-13 21:32 - 000000000 ___DC C:\WINDOWS\Panther
2023-02-13 16:15 - 2023-02-15 18:26 - 000000000 ____D C:\Users\ankos\AppData\Local\Avast Software
2023-02-13 16:09 - 2023-02-13 16:09 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-02-13 16:07 - 2023-02-18 14:31 - 000000000 ____D C:\ProgramData\Avast Software
2023-02-13 15:56 - 2023-02-13 15:56 - 000007607 _____ C:\Users\pavel\AppData\Local\Resmon.ResmonCfg
2023-02-13 14:54 - 2023-02-13 14:54 - 000000000 ____D C:\Users\ankos\Tracing
2023-02-13 13:23 - 2023-02-18 14:31 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-02-13 13:23 - 2023-02-13 13:23 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2023-02-13 13:14 - 2023-02-13 13:14 - 014999824 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ankos\Downloads\avgclear.exe
2023-02-13 12:03 - 2023-02-13 12:03 - 000000052 _____ C:\Users\ankos\AppData\Local\xx.ini
2023-02-13 12:02 - 2023-02-13 12:03 - 000000000 ____D C:\Users\ankos\AppData\Local\Alpemix
2023-02-13 12:02 - 2023-02-13 12:02 - 001772752 _____ (Teknopars Bilisim) C:\Users\ankos\Downloads\Alpemix.exe
2023-02-13 11:52 - 2023-02-13 11:54 - 000000000 ____D C:\Users\ankos\AppData\Roaming\AnyDesk
2023-02-13 11:48 - 2023-02-13 13:26 - 000000000 ____D C:\Users\ankos\AppData\Local\TeamViewer
2023-02-12 23:14 - 2023-02-12 23:14 - 000324953 _____ C:\Users\ankos\Downloads\Realism and Dialectic_Novel_Ercolino.pdf
2023-02-12 23:07 - 2023-02-12 23:07 - 000761535 _____ C:\Users\ankos\Downloads\Additional Compulsory Readings-20230212.zip
2023-02-12 19:04 - 2023-02-12 19:05 - 037410914 _____ C:\Users\ankos\Downloads\Postcolonial First and Second class slides.pdf
2023-02-06 13:27 - 2023-02-06 13:27 - 000065566 _____ C:\Users\ankos\Downloads\CertificatodiiscrizioneinlinguaInglese.pdf
2023-02-06 13:22 - 2023-02-06 13:22 - 002872298 _____ C:\Users\ankos\Downloads\Online Study Plan_UPDATED.pdf
2023-02-04 10:51 - 2023-02-04 10:51 - 000779546 _____ C:\Users\ankos\Downloads\GUIDELINES ON THE ACCOUNT UNIVE.pdf
2023-02-04 10:50 - 2023-02-04 10:50 - 000196508 _____ C:\Users\ankos\Downloads\How to book your Welcome KIt.pdf
2023-02-04 01:16 - 2023-02-13 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot Alarm Clock
2023-02-04 01:16 - 2023-02-11 14:49 - 000000000 ____D C:\Users\ankos\AppData\Roaming\HotAlarmClock
2023-02-04 01:16 - 2023-02-04 01:16 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot Alarm Clock.lnk
2023-02-04 01:16 - 2023-02-04 01:16 - 000000000 ____D C:\Program Files (x86)\HotAlarmClock
2023-02-04 01:15 - 2023-02-04 01:15 - 022513360 _____ (Comfort Software Group ) C:\Users\ankos\Downloads\HotAlarmClockSetup.exe
2023-02-01 19:33 - 2023-02-01 19:33 - 000672340 _____ C:\Users\ankos\Downloads\confirmation.pdf
2023-02-01 19:19 - 2023-02-18 19:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-01 19:12 - 2023-02-01 20:47 - 000319147 _____ C:\Users\ankos\Downloads\contract.pdf
2023-01-31 16:50 - 2023-01-31 16:50 - 012407173 _____ C:\Users\ankos\Downloads\Pantomima.pptx
2023-01-29 19:53 - 2023-01-29 19:53 - 000339514 _____ C:\Users\ankos\Downloads\ucastnicka-smlouva.pdf
2023-01-29 19:50 - 2023-01-29 19:50 - 000124845 _____ C:\Users\ankos\Downloads\zadost-o-priznani-stipendia-universal-anna.pdf
2023-01-29 19:42 - 2023-01-29 19:42 - 000085705 _____ C:\Users\ankos\Downloads\cestne-prohlaseni-anna.pdf
2023-01-29 19:42 - 2023-01-29 19:42 - 000072396 _____ C:\Users\ankos\OneDrive\Dokumenty\Microsoft Word - cestne-prohlaseni-anna.docx - cestne-prohlaseni.pdf
2023-01-27 12:13 - 2023-01-27 12:13 - 000339514 _____ C:\Users\ankos\Downloads\ucastnicka-smlouva-anna.pdf
2023-01-26 22:19 - 2023-01-26 22:19 - 000596111 _____ C:\Users\ankos\Downloads\131001-monography.mobi
2023-01-25 11:27 - 2023-01-25 11:27 - 000374597 _____ C:\Users\ankos\Downloads\Writing an Essay.pptx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 19:23 - 2022-02-15 14:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-24 19:23 - 2021-11-07 14:19 - 000000000 ____D C:\Users\ankos\AppData\LocalLow\Mozilla
2023-02-24 19:15 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-24 12:34 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-24 12:33 - 2021-07-01 18:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-24 12:24 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-24 12:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-24 12:24 - 2021-01-07 01:42 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-24 12:19 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-24 12:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-02-24 12:16 - 2021-11-07 13:59 - 000000000 ____D C:\Users\ankos\AppData\Local\D3DSCache
2023-02-23 01:35 - 2021-11-07 15:22 - 000000000 ____D C:\Users\ankos\AppData\Local\PlaceholderTileLogoFolder
2023-02-22 18:26 - 2021-11-07 13:59 - 000000000 ____D C:\Users\ankos\AppData\Local\Packages
2023-02-22 18:26 - 2021-06-10 21:59 - 000000000 ____D C:\ProgramData\Packages
2023-02-22 18:25 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-18 19:59 - 2022-12-15 09:49 - 000000000 ___RD C:\Users\ankos\OneDrive - MUNI
2023-02-18 19:59 - 2021-11-07 14:04 - 000000000 ___RD C:\Users\ankos\OneDrive
2023-02-18 19:59 - 2021-01-07 02:06 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-18 19:59 - 2021-01-07 02:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-18 14:31 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-18 14:31 - 2021-01-07 01:37 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-18 14:31 - 2021-01-07 01:02 - 000254772 ____N C:\WINDOWS\Minidump\021823-8015-01.dmp
2023-02-17 19:35 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-17 19:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-17 19:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-02-17 18:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-02-17 18:46 - 2021-07-01 17:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-17 18:46 - 2021-06-18 08:14 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-02-17 18:32 - 2021-07-01 17:37 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-17 18:31 - 2021-11-07 13:58 - 000002381 _____ C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-15 19:04 - 2021-06-10 21:56 - 000000000 ____D C:\Users\pavel\AppData\Local\D3DSCache
2023-02-15 18:36 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-15 18:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-13 23:55 - 2021-06-10 21:58 - 000000000 ___RD C:\Users\pavel\OneDrive
2023-02-13 23:43 - 2021-06-10 21:56 - 000000000 ____D C:\Users\pavel\AppData\Local\Packages
2023-02-13 23:42 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-13 23:38 - 2021-01-07 01:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-13 21:32 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT
2023-02-13 21:27 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-02-13 21:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Media
2023-02-13 21:24 - 2022-05-18 19:54 - 000000000 ____D C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-02-13 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-02-13 21:24 - 2022-01-06 17:21 - 000000000 ____D C:\Users\ankos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-02-13 21:21 - 2022-09-05 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2023-02-13 21:21 - 2022-05-18 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-02-13 21:21 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2023-02-13 21:21 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-02-13 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-02-13 21:21 - 2021-10-13 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Příručka Canon TS3300 series
2023-02-13 21:21 - 2021-10-13 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2023-02-13 21:21 - 2021-07-01 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2023-02-13 21:21 - 2021-06-13 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2023-02-13 21:21 - 2021-06-11 13:29 - 000000000 ____D C:\WINDOWS\oem
2023-02-13 21:21 - 2021-01-07 02:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2023-02-13 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-02-13 21:20 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-02-13 21:17 - 2021-01-07 01:47 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-02-13 20:51 - 2021-07-02 22:24 - 000000000 ____D C:\Users\pavel\AppData\Local\CrashDumps
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-13 20:13 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-02-13 20:11 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-02-13 20:11 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-02-13 19:52 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR
2023-02-13 19:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-02-13 19:30 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-02-13 19:28 - 2022-05-07 11:14 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-02-13 19:28 - 2022-05-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-02-13 19:28 - 2022-05-07 11:05 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-02-13 19:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-02-13 19:28 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-02-13 19:25 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\IME
2023-02-13 18:57 - 2021-01-07 02:03 - 000000000 ____D C:\ProgramData\Acer
2023-02-13 18:38 - 2021-06-11 13:48 - 000002381 _____ C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-13 18:37 - 2021-07-01 18:30 - 000000000 ____D C:\ProgramData\AVG
2023-02-05 01:17 - 2021-10-13 22:23 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-01-29 19:51 - 2022-12-05 16:36 - 000000000 ____D C:\Users\ankos\AppData\Local\CrashDumps
2023-01-27 08:07 - 2022-03-22 09:09 - 000000000 ____D C:\Users\ankos\OneDrive\Dokumenty\Česká literatura 19. století

==================== Files in the root of some directories ========

2023-02-13 15:56 - 2023-02-13 15:56 - 000007607 _____ () C:\Users\pavel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2023
Ran by pavel (24-02-2023 19:29:06)
Running from C:\Users\ankos\OneDrive\Plocha
Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) (2023-02-13 20:32:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1521006093-308815858-1417735835-500 - Administrator - Disabled)
ankos (S-1-5-21-1521006093-308815858-1417735835-1002 - Limited - Enabled) => C:\Users\ankos
DefaultAccount (S-1-5-21-1521006093-308815858-1417735835-503 - Limited - Disabled)
Guest (S-1-5-21-1521006093-308815858-1417735835-501 - Limited - Disabled)
pavel (S-1-5-21-1521006093-308815858-1417735835-1001 - Administrator - Enabled) => C:\Users\pavel
WDAGUtilityAccount (S-1-5-21-1521006093-308815858-1417735835-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Ultra (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: Norton Security Ultra (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
Avast Business (HKLM-x32\...\Avast Business) (Version: 22.8.1229 - AVAST Software)
Avast Business Security (HKLM\...\Avast Antivirus) (Version: 22.12.2733 - Avast Software) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TS3300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS3300_series) (Version: 1.01 - Canon Inc.)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
GoTrust ID Plugin 2.0.10.26 (HKLM\...\GoTrust ID Plugin) (Version: 2.0.10.26 - GoTrust ID Inc.)
Hot Alarm Clock (HKLM-x32\...\{672C1EE5-D13F-4EDB-A8CA-26711696C040}_is1) (Version: 6.3.0.0 - Comfort Software Group)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1521006093-308815858-1417735835-1001\...\OneDriveSetup.exe) (Version: 23.020.0125.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\Teams) (Version: 1.6.00.1381 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 (HKLM-x32\...\{0FA68574-690B-4B00-89AA-B28946231449}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 (HKLM-x32\...\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0 (x64 en-US)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
Registrace tiskárny (HKLM-x32\...\Canon EISRegistration) (Version: 1.8.0 - Canon Inc.)
Skype verze 8.89 (HKLM-x32\...\Skype_is1) (Version: 8.89 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.38.3 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3114 - Acer Incorporated)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1521006093-308815858-1417735835-1002\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-11-19] (Acer Incorporated)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2021-11-07] (Advanced Micro Devices Inc.) [Startup Task]
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-11-07] (Canon Inc.)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-01-18] (Acer Incorporated)
Cribbage Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.CribbageDeluxe_2.12.147.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.5.0_x64__xbfy0k16fey96 [2023-02-13] (Dropbox Inc.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.53.2.0_x64__q4d96b2w5wcc2 [2023-02-13] (Evernote) [Startup Task]
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2023-02-13] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1760.12.101.0_x64__8xx8rvfyw5nnt [2023-02-13] (Meta) [Startup Task]
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-13] (Microsoft Corporation)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.6428.0_x64__ypz87dpxkv292 [2021-11-07] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2021-11-07] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-08-20] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2022-04-22] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Simple Spider Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSpiderSolitaire_3.8.35.0_x64__kx24dqmazqk8j [2023-02-13] (Random Salad Games LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Studios) [MS Ad]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3114.0_x64__48frkmn4z8aw4 [2021-11-07] (Acer Incorporated)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-02-13] (Microsoft Windows)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{04271989-C4D2-3DF9-F58C-BACBC00F0DA1} -> [OneDrive - MUNI] => C:\Users\ankos\OneDrive - MUNI [2022-12-15 09:49]
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ankos\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1002_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-02-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-10-13 22:28 - 2017-11-02 14:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_CSY.DLL
2021-10-13 22:28 - 2017-11-02 14:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2023-02-04 01:16 - 2018-06-08 13:09 - 000149845 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\HotAlarmClock\bass_aac.dll
2023-02-04 01:16 - 2019-12-17 14:16 - 000128181 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bass.dll
2023-02-04 01:16 - 2016-02-02 17:21 - 000011532 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bassalac.dll
2023-02-04 01:16 - 2020-12-04 14:04 - 000029452 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\bassflac.dll
2023-02-04 01:16 - 2016-04-04 12:22 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\HotAlarmClock\basswma.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClientManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-12-16 20:52 - 2021-12-16 20:54 - 000000446 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1521006093-308815858-1417735835-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
HKU\S-1-5-21-1521006093-308815858-1417735835-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEB5F3A5-D386-4A5B-B8E4-9CE6FBBBDF85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2E3BFFAE-287D-4F0A-909D-0BFB8EAD5B12}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{22E90FB8-B628-4564-8D0C-441B799A9BDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DCD66C9F-167C-4BDC-86DA-B32C97633105}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{500F0C26-2150-4FB5-AE5F-7291FDF99E06}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C9580D4-94B3-4DC4-BA58-47C235277A2B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B79EE057-5F68-4470-9153-7C9C62E5D7C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{157B0300-96D1-40E2-9907-18B177343897}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33B61FCA-D5FE-447C-8FB3-B9CC69B55EAC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB024CB9-30DF-4A33-BCC9-4BC098CC4201}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A2489D0-FEB6-4D2F-B6F7-69C43FB7D27F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{96C5A29C-2A9F-4A94-9150-64FD7903E5D7}] => (Allow) C:\Program Files\AVG\Antivirus\x86\avgAdminClientService.exe => No File
FirewallRules: [{86A04CDC-BFB7-4869-9E6E-D61B6AC98C91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6B6396FA-2EA5-4C0B-AB9B-F280670F02A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9544704F-9155-489A-BC53-463813DF879A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1267DF77-3992-4DF7-AFC5-411BA57510F9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C3DF4A5-3681-4981-AB46-F8DF887AEE6F}] => (Allow) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe (Avast Software s.r.o. -> Avast Software)
FirewallRules: [{06D8BF00-60D5-4D2B-82B6-03748E6D6410}] => (Allow) C:\Program Files (x86)\AVAST Software\Business Agent\ClientManager.exe (Avast Software s.r.o. -> Avast Software)
FirewallRules: [{F9DD892F-B601-4081-A2CF-3B9D028C0369}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1F2DB6F0-0146-44F5-B83A-B67529CF93A2}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD24E6B4-7E4F-4CD3-B47E-4F8907CAB7F8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E48EA11-BD4A-4531-A6D1-FACA2472FD38}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17AE1689-2758-4588-A3F6-DB794EB686EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C82147A5-22B3-4CB2-B66D-C2FDC812D28D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{510898F9-247D-4539-A174-8E30C636218A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21BE737E-DF32-4B3B-A965-2126952B1E62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{40868715-A130-4BFE-9A58-73DA009490C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4B08A6E2-02C1-4207-AFA4-240EA7CD85F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{85AAB921-D0D0-4D13-B350-C12FFF26E7FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{179C8769-5A96-4893-B24E-59E40679FE33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFE5F281-71DE-4AF5-B5AF-334072979ED5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{19A68F2F-309B-4629-B9C6-D270F8CD6CE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0FDB6F58-32C6-4289-92B1-7DD4F50ABDFE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{456DA88E-893F-4340-9542-5BF8A3D9E619}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

17-02-2023 18:48:50 Instalační služba modulů systému Windows
17-02-2023 18:50:12 Instalační služba modulů systému Windows
24-02-2023 12:17:18 Instalační služba modulů systému Windows
24-02-2023 12:18:06 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/24/2023 07:06:42 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Název chybujícího modulu: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000264a5
ID chybujícího procesu: 0x0x442c
Čas spuštění chybující aplikace: 0x0x1d9487a9b0dcd05
Cesta k chybující aplikaci: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
ID zprávy: a0be169a-cb7a-418a-a1a0-e608d0fc3be6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/24/2023 12:33:22 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-QIORIEIS)
Description: Aplikaci nebo službu Microsoft Office SDX Helper nelze ukončit.

Error: (02/18/2023 02:31:58 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-QIORIEIS$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(16ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/18/2023 02:31:58 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(47ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/17/2023 07:34:46 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-QIORIEIS$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(47ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/17/2023 07:34:46 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(62ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/17/2023 06:40:16 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Název chybujícího modulu: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000264a5
ID chybujícího procesu: 0x0x23cc
Čas spuštění chybující aplikace: 0x0x1d942f6c0397767
Cesta k chybující aplikaci: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
ID zprávy: 310f1f07-ca92-41b7-af56-870129557933
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/17/2023 06:30:37 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


System errors:
=============
Error: (02/24/2023 12:18:33 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QIORIEIS)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/22/2023 06:33:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.

Error: (02/18/2023 08:01:12 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QIORIEIS)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/18/2023 02:31:49 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0xfffff8071291c340, 0x0000000000000000)C:\WINDOWS\Minidump\021823-8015-01.dmp12542067-60a8-41f0-9906-6543c49fa0c8

Error: (02/18/2023 02:31:43 PM) (Source: volmgr) (EventID: 162) (User: )
Description: Soubor se stavem systému byl úspěšně vygenerován.

Error: (02/17/2023 07:34:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba HvHost byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/17/2023 07:32:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Mozilla Maintenance Service byla ukončena s následující chybou:
Nesprávná funkce.

Error: (02/17/2023 06:53:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GoTrust ID Plugin byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===============
Date: 2023-02-24 12:33:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.08 10/15/2020
Motherboard: PK Strongbow_PK
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 69%
Total physical RAM: 6071.51 MB
Available physical RAM: 1881.57 MB
Total Virtual: 24503.51 MB
Available Virtual: 19301.47 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:329.67 GB) (Model: HFM512GDJTNG-8310A) NTFS

\\?\Volume{7fe874d7-d37f-49fb-81d7-cf28bc2aabcd}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.48 GB) NTFS
\\?\Volume{d103ee38-e7f0-44a8-9a5c-f20179e219ea}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: ADFCE335)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118197
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: computer compromised via remote access - Microsoft tech support SCAM

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {115F705B-7E89-4D5B-B0E3-20AB5B600224} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FEDA6B8-D586-415F-9D49-030B53205634} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
FirewallRules: [{96C5A29C-2A9F-4A94-9150-64FD7903E5D7}] => (Allow) C:\Program Files\AVG\Antivirus\x86\avgAdminClientService.exe => No File

EmptyTemp:
End
Save it to C:\Users\ankos\OneDrive\Plocha as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

demultiplexor
Visitor
Posts: 5
Joined: 15 Feb 2023 19:17

Re: computer compromised via remote access - Microsoft tech support SCAM

#7 Post by demultiplexor »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2023
Ran by pavel (28-02-2023 20:28:33) Run:1
Running from C:\Users\ankos\OneDrive\Plocha
Loaded Profiles: pavel & ankos
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {115F705B-7E89-4D5B-B0E3-20AB5B600224} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {1FEDA6B8-D586-415F-9D49-030B53205634} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
CustomCLSID: HKU\S-1-5-21-1521006093-308815858-1417735835-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe => No File
FirewallRules: [{96C5A29C-2A9F-4A94-9150-64FD7903E5D7}] => (Allow) C:\Program Files\AVG\Antivirus\x86\avgAdminClientService.exe => No File
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{115F705B-7E89-4D5B-B0E3-20AB5B600224}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{115F705B-7E89-4D5B-B0E3-20AB5B600224}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FEDA6B8-D586-415F-9D49-030B53205634}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FEDA6B8-D586-415F-9D49-030B53205634}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52C6DEF-FFDE-40EE-B7E1-7726FE36E9E5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKU\S-1-5-21-1521006093-308815858-1417735835-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96C5A29C-2A9F-4A94-9150-64FD7903E5D7}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8421897 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 27898 B
Windows/system/drivers => 31325718 B
Edge => 0 B
Firefox => 291027485 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27906 B
NetworkService => 31008 B
pavel => 10368230 B
ankos => 145571002 B

RecycleBin => 3702782127 B
EmptyTemp: => 3.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:28:55 ====

Rudy
Site Admin
Posts: 118197
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: computer compromised via remote access - Microsoft tech support SCAM

#8 Post by Rudy »

Deleted. Is everything OK?

demultiplexor
Visitor
Posts: 5
Joined: 15 Feb 2023 19:17

Re: computer compromised via remote access - Microsoft tech support SCAM

#9 Post by demultiplexor »

Thank you for the help, everything seems to be fine.

Rudy
Site Admin
Posts: 118197
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: computer compromised via remote access - Microsoft tech support SCAM

#10 Post by Rudy »

You're welcome! :)

Locked