PC virus removal, computer speed-up, remote help through the neslape.cz service

Your browser is managed by your organization

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
alesheek
Visitor
Posts: 20
Registered: 25 Aug 2008 17:54

#1 Post by alesheek »

Hello,

I'm asking for help: since yesterday Chrome has been reporting that it is managed by my organization, which is nonsense. It is my personal laptop and I did not change anything myself; the change came out of nowhere. Also out of nowhere, the browser started using Bing as its search engine, and the default search engine could not be changed to Google. According to information on the net, it may be malware. I tried to find malicious browser policies, software, and registry entries, and used Rkill to stop the bad processes, but still nothing.

Malwarebytes found nothing; Avast reports the possible presence of malware in memory, but I don't know how to remove it.

I am attaching the FRST log and Addition. Avast put FRST.exe into quarantine after scanning it. Please check them and suggest a solution.

Thank you very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2023
Ran by alesh (administrator) on DESKTOP-D610VTJ (Dell Inc. Vostro 3400) (22-07-2023 18:10:14)
Running from C:\Users\alesh\Downloads\FRST64.exe
Loaded Profiles: alesh
Platform: Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) Language: Czech (Czech Republic) -> English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxEMN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_141eb88527011137\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ebf638e0a8a70542\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e5855ce1805681c2\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_dd349ca1e8d98184\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSysSvc64.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\wpscenter.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSvc64.exe [1776736 2020-10-15] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c60facea9c32a6cb\RtkAudUService64.exe [3380320 2021-11-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [220056 2023-07-11] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\Run: [MicrosoftEdgeAutoLaunch_4FCDB283A14CB28C75DDB4604D153285] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113856 2023-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\alesh\AppData\Local\Microsoft\Teams\Update.exe [2588488 2023-07-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40496032 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.102\Installer\chrmstp.exe [2023-07-21] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C3058003-F918-4AA4-AD74-552CAC1CF3E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-04] (Adobe Inc. -> Adobe Inc.)
Task: {4827A01E-1672-44AD-80EE-7F5E1A7A645C} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4940696 2023-07-11] (Avast Software s.r.o. -> AVAST Software)
Task: {28E5AB53-A020-4DDE-9394-91936A151D17} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2135448 2023-04-14] (Avast Software s.r.o. -> Avast Software)
Task: {DC845095-33C2-4381-B9A6-F4FBAA266FBA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {7411F9E8-4DFD-4D88-8C63-42A0FB4C31B8} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "dd589e11-4e36-4ff7-a3e1-f7d6c071ca3d" --version "6.13.10517" --silent
Task: {43DC9B74-E526-4691-B035-72466A86A3DF} - System32\Tasks\CCleanerSkipUAC - alesh => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {8D84498C-CA4F-4B03-BA73-7038637EBF90} - System32\Tasks\GoogleUpdateTaskMachineCore{82E70AAB-2442-41F6-8D32-BACE3A94FDF8} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-26] (Google LLC -> Google LLC)
Task: {E957F7B5-B35A-495D-8A85-CE1633EAC647} - System32\Tasks\GoogleUpdateTaskMachineUA{3BB454C5-F72A-48F2-8DC6-2E0E05F5F829} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-26] (Google LLC -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {52881D77-BAC4-4EA1-8423-B3B022A99C8D} - System32\Tasks\WpsExternal_alesh_20230504164749 => C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\wpscloudsvr.exe [1065864 2023-05-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {E4C43462-E391-4A4C-82A9-0ED38D78D3F9} - System32\Tasks\WpsUpdateTask_alesh => C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\wpsupdate.exe [174472 2023-05-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c8ee7eda-8cab-49e3-9614-708a91feb9cb}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\alesh\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-21]
Edge Extension: (Edge relevant text changes) - C:\Users\alesh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-22]

FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\alesh\AppData\Local\Google\Chrome\User Data\Default [2023-07-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\alesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-04] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8892824 2023-07-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [578968 2023-07-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [579992 2023-07-11] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-08-13] (Avast Software s.r.o. -> AVAST Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1063840 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_e5855ce1805681c2\\AS\\IAS\\IntelAudioService.exe [548432 ] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9267376 2023-07-21] (Malwarebytes Inc. -> Malwarebytes)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [197336 2021-06-15] (Qualcomm Atheros, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-07-12] (Microsoft Windows -> Microsoft Corporation)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31368 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [237424 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [392832 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39600 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [272016 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [556576 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [943456 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [704264 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319512 2023-07-11] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_1f81192e4fdd3684\IntcUSB.sys [1677280 2021-05-19] (Intel Corporation -> Intel(R) Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-07-22] (Malwarebytes Inc. -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2023-06-09] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-26] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-22 17:37 - 2023-07-22 17:37 - 000693828 _____ C:\WINDOWS\system32\perfh005.dat
2023-07-22 17:37 - 2023-07-22 17:37 - 000143682 _____ C:\WINDOWS\system32\perfc005.dat
2023-07-22 15:59 - 2023-07-22 17:34 - 000000000 ____D C:\WINDOWS\Minidump
2023-07-21 22:40 - 2023-07-21 23:13 - 000000000 ____D C:\ProgramData\HitmanPro
2023-07-21 22:39 - 2023-07-21 22:44 - 014248944 _____ (SurfRight B.V.) C:\Users\alesh\Downloads\HitmanPro_x64.exe
2023-07-21 22:35 - 2023-07-21 22:35 - 000000000 _____ C:\Users\alesh\Downloads\Nepotvrzeno 358834.crdownload
2023-07-21 22:11 - 2023-07-21 22:54 - 000002694 _____ C:\Users\alesh\Desktop\Rkill.txt
2023-07-21 22:07 - 2023-07-21 22:45 - 000009179 _____ C:\Users\alesh\Downloads\Addition.txt
2023-07-21 22:03 - 2023-07-22 18:12 - 000018505 _____ C:\Users\alesh\Downloads\FRST.txt
2023-07-21 22:02 - 2023-07-22 18:11 - 000000000 ____D C:\FRST
2023-07-21 22:00 - 2023-07-21 22:02 - 002384384 _____ (Farbar) C:\Users\alesh\Downloads\FRST64.exe
2023-07-21 21:54 - 2023-07-21 22:10 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\alesh\Downloads\rkill.exe
2023-07-21 21:33 - 2023-07-22 16:04 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-07-21 21:33 - 2023-07-21 21:33 - 000000000 ____D C:\Users\alesh\AppData\Local\mbam
2023-07-21 21:32 - 2023-07-22 17:36 - 000000000 ____D C:\Users\alesh\AppData\Local\Malwarebytes
2023-07-21 21:32 - 2023-07-21 21:32 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-07-21 21:32 - 2023-07-21 21:32 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-07-21 21:31 - 2023-07-21 21:31 - 000048100 _____ C:\Users\alesh\Desktop\záložky_21.07.23.html
2023-07-21 21:25 - 2023-07-21 21:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-07-21 21:24 - 2023-07-21 21:25 - 000000000 ____D C:\Program Files\Malwarebytes
2023-07-19 18:36 - 2023-07-19 18:36 - 000248442 _____ C:\Users\alesh\Desktop\Transcript.pdf
2023-07-19 16:33 - 2023-07-19 16:34 - 001239861 _____ C:\Users\alesh\Downloads\why-its-cool-to-be-kind-british-english-teacher.pdf
2023-07-19 16:27 - 2023-07-19 16:27 - 002070885 _____ C:\Users\alesh\Downloads\get-the-picture-british-english-teacher.pdf
2023-07-18 14:42 - 2023-07-18 14:42 - 000137504 _____ C:\Users\alesh\Downloads\advice-needed.pdf
2023-07-15 21:23 - 2023-06-16 08:21 - 000131163 _____ C:\Users\alesh\Desktop\letenka.pdf
2023-07-12 12:43 - 2023-07-12 12:49 - 000000000 ___HD C:\$WinREAgent
2023-07-11 14:12 - 2023-07-11 14:11 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-07-11 10:26 - 2023-07-11 10:26 - 000002402 _____ C:\Users\alesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-07-10 10:05 - 2023-07-10 10:05 - 000093141 _____ C:\Users\alesh\Downloads\Week 2324-2327.xlsx - AL (1).pdf
2023-07-09 15:12 - 2023-07-10 10:06 - 000175775 _____ C:\Users\alesh\Downloads\Week 2324-2327.xlsx - AL.pdf
2023-07-07 21:05 - 2023-07-07 22:05 - 000000000 ____D C:\Users\alesh\Desktop\English First
2023-07-05 20:21 - 2023-07-05 20:21 - 000192512 _____ C:\Users\alesh\Downloads\149MZ0-TICKETS.pdf
2023-07-05 16:35 - 2023-07-05 16:35 - 000002076 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2023-07-03 17:50 - 2023-07-03 17:50 - 000000000 ____D C:\Users\alesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-06-22 21:13 - 2023-06-09 06:17 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-22 18:05 - 2022-05-07 12:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-22 17:51 - 2022-07-26 20:53 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-22 17:51 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-22 17:37 - 2023-02-25 23:30 - 001629494 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-22 17:37 - 2022-05-07 12:22 - 000000000 ____D C:\WINDOWS\INF
2023-07-22 17:34 - 2023-02-25 23:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-22 17:34 - 2022-07-26 19:57 - 000000000 __SHD C:\Users\alesh\IntelGraphicsProfiles
2023-07-22 16:04 - 2023-02-25 21:40 - 000000000 ____D C:\Users\alesh
2023-07-22 15:59 - 2023-02-25 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-22 15:59 - 2023-02-25 23:19 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-07-22 15:59 - 2023-02-15 03:07 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-07-22 15:59 - 2022-07-26 19:53 - 000000000 ____D C:\Intel
2023-07-22 15:59 - 2022-06-14 18:32 - 002237863 ____N C:\WINDOWS\Minidump\072223-64031-01.dmp
2023-07-22 15:59 - 2022-06-14 18:32 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-22 15:59 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-22 09:41 - 2022-05-07 12:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-22 09:41 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-22 09:05 - 2023-02-25 23:34 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-07-21 23:32 - 2023-05-04 21:47 - 000003056 _____ C:\WINDOWS\system32\Tasks\WpsExternal_alesh_20230504164749
2023-07-21 23:32 - 2023-05-04 21:47 - 000002740 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_alesh
2023-07-21 23:32 - 2023-02-25 23:34 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-21 23:32 - 2023-02-25 23:34 - 000003486 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{3BB454C5-F72A-48F2-8DC6-2E0E05F5F829}
2023-07-21 23:32 - 2023-02-25 23:34 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-21 23:32 - 2023-02-25 23:34 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-21 23:32 - 2023-02-25 23:34 - 000003262 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{82E70AAB-2442-41F6-8D32-BACE3A94FDF8}
2023-07-21 23:32 - 2023-02-25 23:34 - 000003048 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-07-21 23:32 - 2023-02-25 23:34 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - alesh
2023-07-21 23:32 - 2023-02-25 23:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-07-21 22:41 - 2023-06-17 10:10 - 000000000 ____D C:\Users\alesh\AppData\Roaming\Microsoft\MMC
2023-07-21 22:16 - 2022-07-26 19:57 - 000000000 ____D C:\Users\alesh\AppData\Local\Packages
2023-07-21 22:14 - 2022-07-26 19:58 - 000000000 ____D C:\ProgramData\Packages
2023-07-21 21:42 - 2022-07-26 20:53 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-21 21:31 - 2022-05-07 12:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-20 22:30 - 2023-02-25 23:34 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-07-19 16:46 - 2022-07-26 21:06 - 000000000 ____D C:\Users\alesh\AppData\Roaming\kingsoft
2023-07-17 19:02 - 2022-07-28 21:43 - 000000000 ____D C:\Users\alesh\Desktop\English in Slovakia
2023-07-17 17:59 - 2022-07-26 19:58 - 000000000 ____D C:\Users\alesh\AppData\Local\D3DSCache
2023-07-15 19:14 - 2022-06-14 18:35 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-15 18:37 - 2023-04-08 18:47 - 000000000 ____D C:\Users\alesh\Desktop\English resources
2023-07-14 16:42 - 2022-07-27 00:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-14 11:33 - 2022-07-27 00:09 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-13 11:29 - 2022-11-07 17:39 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-13 00:28 - 2022-08-13 15:43 - 000000000 ____D C:\ProgramData\Avast Software
2023-07-13 00:18 - 2023-02-25 23:23 - 000295616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-13 00:15 - 2022-05-07 12:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-07-13 00:14 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\UUS
2023-07-13 00:14 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-07-13 00:13 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-12 13:33 - 2022-05-07 12:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-12 13:07 - 2023-02-25 23:28 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-11 21:16 - 2022-11-07 19:19 - 000000000 ____D C:\Users\alesh\AppData\Roaming\Microsoft\Teams
2023-07-11 14:11 - 2022-08-13 15:45 - 000943456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000704264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000556576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000392832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000319512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000297832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000272016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000237424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000080416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000039600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-07-11 14:11 - 2022-08-13 15:45 - 000031368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-07-11 10:26 - 2022-11-07 19:15 - 000000000 ____D C:\Users\alesh\AppData\Local\SquirrelTemp
2023-07-06 09:41 - 2022-05-07 12:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-07-05 16:35 - 2022-08-13 15:46 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2023-07-05 16:34 - 2023-02-15 03:07 - 000000000 ____D C:\Program Files\CCleaner
2023-07-03 19:50 - 2022-08-25 02:34 - 000000000 ____D C:\Users\alesh\AppData\Local\CrashDumps
2023-07-03 17:50 - 2022-07-26 22:07 - 000000000 ____D C:\Users\alesh\AppData\Roaming\Zoom

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2023
Ran by alesh (22-07-2023 18:14:03)
Running from C:\Users\alesh\Downloads
Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) (2023-02-25 20:47:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3280481963-2984573275-3818534429-500 - Administrator - Disabled)
alesh (S-1-5-21-3280481963-2984573275-3818534429-1001 - Administrator - Enabled) => C:\Users\alesh
DefaultAccount (S-1-5-21-3280481963-2984573275-3818534429-503 - Limited - Disabled)
Guest (S-1-5-21-3280481963-2984573275-3818534429-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3280481963-2984573275-3818534429-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1051-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.6.6070 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.13 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.102 - Google LLC)
Malwarebytes version 4.5.33.272 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.33.272 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\Teams) (Version: 1.6.00.16472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
WPS Office (11.2.0.11537) (HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\Kingsoft Office) (Version: 11.2.0.11537 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\ZoomUMX) (Version: 5.14.11 (17466) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-02-28] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-13] (Microsoft Corporation)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-01] (INTEL CORP) [Startup Task]
Waves MaxxAudio Pro for Dell 2020 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2020_3.0.98.0_x64__fh4rh281wavaa [2022-07-26] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3280481963-2984573275-3818534429-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-3280481963-2984573275-3818534429-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\alesh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23117.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3280481963-2984573275-3818534429-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-3280481963-2984573275-3818534429-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\alesh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-3280481963-2984573275-3818534429-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll [2023-05-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-3280481963-2984573275-3818534429-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\alesh\AppData\Local\Kingsoft\WPS Office\11.2.0.11537\office6\kwpsmenushellext64.dll [2023-05-04] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\alesh\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\alesh\Downloads\rkill.exe:MBAM.Zone.Identifier [219]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 19:08 - 2021-06-05 19:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\alesh\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20221201_120925490.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "eID_Client"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4FCDB283A14CB28C75DDB4604D153285"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "Disig Web Signer"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_7A0FCE95082E371393BB69DD06BCA82B"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "PlanetVPN"
HKU\S-1-5-21-3280481963-2984573275-3818534429-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{8ADCDE3D-4121-4FF7-87A6-0671E02CAE97}C:\users\alesh\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\alesh\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{85A8335F-EB41-4761-B4B3-EF847A9E0684}C:\users\alesh\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\alesh\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A98EEBFB-80FF-4339-9AEA-25E80C0C1BEC}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E6BD4CDB-65DE-45AA-A822-2806C4B41327}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{08D7523A-32A4-4E88-843E-385066D74EC5}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A9C86E5D-B3CB-4BB7-A413-96367900D796}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F670478C-25A7-4B34-B17A-8340ADED6030}] => (Allow) C:\Users\alesh\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E2F9A25C-6143-4DCA-B3D0-AA7C20E9323F}] => (Allow) C:\Users\alesh\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5188C9AA-D27B-40CB-8BEF-76816FDF3197}] => (Allow) C:\Users\alesh\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CDFF6CE4-2A66-4ADE-85B8-7295D340700B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{984FAC97-DE72-41F8-9D4C-4DCCF8EEF98F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{772DEB0B-98FB-43BA-8CF1-88BEE369D293}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3C0FA30-1DDE-439D-8369-26E1B4205FB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D398803-783B-40D3-9C67-755BBDAB718F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{981DA50B-CFBD-4330-821E-680261031134}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:930.54 GB) (Free:734.71 GB) (79%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/13/2023 12:24:11 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: WavesSysSvc64.exe, version: 1.31.7.0, time stamp: 0x5f8435ea
Faulting module name: WavesSysSvc64.exe, version: 1.31.7.0, time stamp: 0x5f8435ea
Exception code: 0xc0000005
Fault offset: 0x00000000000277fa
Faulting process ID: 0x0xfe4
Faulting application start time: 0x0x1d9b4e4cb116943
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSysSvc64.exe
Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_b2ae1335863dd30f\WavesSysSvc64.exe
Report ID: 0d1824d1-2ea5-428c-816c-00df52593d4b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/13/2023 12:15:23 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: armsvc.exe, version: 1.824.460.1047, time stamp: 0x642ba256
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x81c86660
Faulting process ID: 0x0xd94
Faulting application start time: 0x0x1d9b4e46b5b83d8
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Faulting module path: unknown
Report ID: 6f73d9ec-5ce3-4c87-b7e6-765ece7b59f0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2023 10:08:30 PM) (Source: PlanetFreeVPN) (EventID: 258) (User: DESKTOP-D610VTJ)
Description: "Connection failed. Check network connection"

Error: (07/12/2023 07:03:22 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: ntdll.dll, version: 10.0.22621.1848, time stamp: 0x48d14984
Exception code: 0xc0000005
Fault offset: 0x0000000000033aba
Faulting process ID: 0x0x1634
Faulting application start time: 0x0x1d9b4b8d03300dc
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: e9aeef69-209b-42a6-89e3-5096cb6c9f8b
Faulting package full name:
Faulting package-relative application ID:

Error: (07/08/2023 10:28:58 PM) (Source: PlanetFreeVPN) (EventID: 258) (User: DESKTOP-D610VTJ)
Description: "Network unavailable"

Error: (07/05/2023 05:54:21 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program LockApp.exe version 10.0.22621.1848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Error: (07/04/2023 07:04:19 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program StartMenuExperienceHost.exe version 10.0.22621.1635 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Error: (07/03/2023 07:50:27 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-D610VTJ)
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.22621.1, time stamp: 0x6dc5c2a5
Faulting module name: wpncore.dll, version: 10.0.22621.1778, time stamp: 0x1a7205c3
Exception code: 0xc0000005
Fault offset: 0x000000000003ef9d
Faulting process ID: 0x0x2680
Faulting application start time: 0x0x1d9adacf000563b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\wpncore.dll
Report ID: 32043274-fc11-4782-abca-7b715bbb7f63
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (07/22/2023 05:35:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Program Compatibility Assistant Service service did not respond on starting.

Error: (07/22/2023 05:34:18 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {4c197548-f8e8-4dc2-8744-bc71c42da1fa}, had event 74

Error: (07/22/2023 04:04:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMFarflt service failed to start due to the following error:
The parameter is incorrect.

Error: (07/22/2023 04:00:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NcbService service terminated with the following error:
A device attached to the system is not functioning.

Error: (07/22/2023 03:59:27 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x0000001a (0x0000000000041792, 0xfffff43ffaa3a548, 0x0000040000000000, 0x0000000000000000)C:\WINDOWS\Minidump\072223-64031-01.dmpa803e971-a32c-4657-9fac-3fb0bb9067bd

Error: (07/22/2023 03:58:58 PM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.

Error: (07/22/2023 04:00:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:34:01 on ‎22.‎07.‎2023 was unexpected.

Error: (07/22/2023 02:34:36 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {4c197548-f8e8-4dc2-8744-bc71c42da1fa}, had event 74


CodeIntegrity:
===============
Date: 2023-07-22 17:42:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-07-22 17:40:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.23.0 03/13/2023
Motherboard: Dell Inc. 0G4GH1
Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 7914.79 MB
Available physical RAM: 3196.62 MB
Total Virtual: 10474.79 MB
Available Virtual: 5379.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.54 GB) (Free:734.71 GB) (Model: WDC WD10SPZX-75Z10T3) (Protected) NTFS

\\?\Volume{cac4e0d2-b006-4fa1-a137-25c92bf6c057}\ () (Fixed) (Total:0.85 GB) (Free:0.08 GB) NTFS
\\?\Volume{ec18710b-a82e-447d-b7b8-fcd26ff1f63a}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Your browser is managed by your organization

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
