
PC virus removal, computer speed-up, and remote help via the neslape.cz service
Please check my log - threat warnings keep popping up.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log; this message keeps popping up, see the link: https://uloz.to/file/grvzv1l3shVR/img-2 ... 212332-jpg
addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by PC1 (22-01-2021 22:48:15)
Running from C:\Users\PC1\Downloads
Windows 10 Home Version 2004 19041.508 (X64) (2020-09-01 16:15:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3621340843-3382866814-1888067393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3621340843-3382866814-1888067393-503 - Limited - Disabled)
Guest (S-1-5-21-3621340843-3382866814-1888067393-501 - Limited - Disabled)
PC1 (S-1-5-21-3621340843-3382866814-1888067393-1001 - Administrator - Enabled) => C:\Users\PC1
WDAGUtilityAccount (S-1-5-21-3621340843-3382866814-1888067393-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.44.2.0_x86__kgqvnymyfvs32 [2020-09-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 [2020-09-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
Star Wars: Commander -> C:\Program Files\WindowsApps\Disney.StarWarsCommander_4.9.0.3_x86__6rarf9sa4v8jt [2017-05-10] (Disney)
Váš telefon -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20091.84.0_x64__8wekyb3d8bbwe [2020-09-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
==================== Loaded Modules (Whitelisted) =============
2020-09-11 13:42 - 2020-09-11 13:42 - 000566272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\usosvc.dll
2020-09-11 13:43 - 2020-09-11 13:43 - 003384832 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng.dll
2020-09-11 13:17 - 2020-09-05 19:21 - 001711104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll
2020-09-11 13:17 - 2020-09-05 19:00 - 001449472 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94\gdiplus.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-07-09 18:20 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-03-11 09:38 - 2016-10-02 21:50 - 000000429 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 pc.mshome.net # 2021 3 3 10 8 38 25 315
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PC1\Pictures\2007-04\DSCF4542.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B9F8EF43-3AD1-4556-AC82-08BD90F64216}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{F2A9C531-0840-4252-A999-F729FA75E882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{17883264-F0BC-4E87-BD21-8B8728F3EAD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{B6A67B15-3612-409E-9C60-FF871A517BC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{2C6628DF-9D60-4113-8EEF-941D344B047C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{0E391492-65DB-4481-98ED-EBFD2D49BBF1}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{438417F8-0160-410A-AFED-BFF44655C361}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{85CB6F12-533E-4A0A-B367-BE001655AD30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{06D51ED3-9979-4F3D-B249-9277AC5E28C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{01A8826E-065D-4E15-BA79-1D972E26E9CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{3104E404-ABE8-4787-8D64-37DAFC793050}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{B993B544-30AC-424F-9A75-3614403D2F5C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8B0F928F-4367-46C4-8501-FA952ED8E9A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{468C6B7A-C61D-4688-BADA-AD246073885D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE5D1FA6-1F12-4AB9-B120-8C601104D56F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA4DC3C4-CCDE-4E26-87E8-7C01EB39ADF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2CB6ED37-9B41-4083-A7E7-9D269CBDD465}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
05-01-2021 09:45:06 Naplánovaný kontrolní bod
14-01-2021 11:55:43 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/22/2021 10:51:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 1bdc
Čas spuštění: 01d6f0f728503c57
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
ID hlášení: 7ba54bc6-b615-41be-a8ac-ab72f14ed752
Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel
Typ zablokování: Quiesce
Error: (01/22/2021 10:27:09 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (01/22/2021 09:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 10.0.19041.423 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 25a0
Čas spuštění: 01d6f0f955e6a3bf
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
ID hlášení: e66f6a68-5852-4c28-b30c-4de4547074ec
Úplný název balíčku s chybou: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: WindowsDefaultLockScreen
Typ zablokování: Navigation
Error: (01/19/2021 08:35:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Acer (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
Error: (01/13/2021 12:26:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Acer (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
Error: (01/13/2021 11:13:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_Audiosrv, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.546, časové razítko: 0x5b56177b
Kód výjimky: 0xc0000409
Posun chyby: 0x00000000000a3608
ID chybujícího procesu: 0x9ac
Čas spuštění chybující aplikace: 0x01d6e981caa43ce3
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2eafefba-9b0e-4b5b-b87b-30d79d95892c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/12/2021 07:54:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: NotificationController.dll, verze: 10.0.19041.488, časové razítko: 0xf534a604
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000024a7b
ID chybujícího procesu: 0x1fdc
Čas spuštění chybující aplikace: 0x01d6e8afbc7e4afc
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\NotificationController.dll
ID zprávy: 30b81431-1726-4fbe-988d-ae33e496e15f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/07/2021 08:12:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Cortana.exe verze 2.2009.2711.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 2890
Čas spuštění: 01d6e4c46a3446e0
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.2711.0_x64__8wekyb3d8bbwe\Cortana.exe
ID hlášení: 3325ece5-d773-43cc-ab0d-8c040ff161e0
Úplný název balíčku s chybou: Microsoft.549981C3F5F10_2.2009.2711.0_x64__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: App
Typ zablokování: Quiesce
System errors:
=============
Error: (01/22/2021 10:45:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2021-01 Kumulativní aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4598242).
Error: (01/22/2021 10:45:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2020-11 Aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4023057).
Error: (01/22/2021 10:45:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Error: (01/22/2021 10:44:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2021-01, kumulativní aktualizace pro .NET Framework 3.5 a 4.8 pro Windows 10 Version 2004 pro x64 (KB4586876).
Error: (01/22/2021 10:44:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Nástroj k odstranění škodlivého softwaru v systému Windows, verze pro procesory x64 – v5.85 (KB890830).
Error: (01/22/2021 10:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Error: (01/22/2021 10:32:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2654.0).
Error: (01/22/2021 10:31:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2654.0).
Windows Defender:
===================================
Date: 2021-01-22 08:42:02.3360000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0E196009-AECC-4E0A-B0F9-FC582E13EE73}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 20:09:02.5150000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A1EF6D6-CB77-46CA-8926-9ED452DBC98D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 07:50:24.3390000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D5DCFF01-CB33-4743-AA8F-22F4984CBCD4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-17 20:17:31.2720000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BFF855DC-98B0-4923-8AD9-3EED82C7DA08}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-16 21:01:43.2290000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A6C25574-0C9B-4EA3-9FCC-0A155CA128AC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-22 22:39:06.4320000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:32:55.0760000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:31:29.9620000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 21:50:06.2920000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
Date: 2021-01-22 20:55:29.1590000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
==================== Memory info ===========================
BIOS: Insyde Corp. V1.10 12/15/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 86%
Total physical RAM: 3977.98 MB
Available physical RAM: 546.48 MB
Total Virtual: 7733.88 MB
Available Virtual: 3131.07 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.63 GB) (Free:396.49 GB) NTFS
\\?\Volume{414dccc3-71f7-4d72-b174-4e9bcbfbbdb4}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
\\?\Volume{20b6bdd9-f4d3-46ad-8a0e-df9d1f7349ff}\ (Push Button Reset) (Fixed) (Total:15.13 GB) (Free:2.05 GB) NTFS
\\?\Volume{c6fbe306-b887-45be-928c-50c805635f87}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ADAB34DE)
Partition: GPT.
==================== End of Addition.txt =======================
Re: Please check - threat warnings keep popping up.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021
Ran by PC1 (administrator) on PC (Acer Aspire ES1-512) (22-01-2021 22:41:51)
Running from C:\Users\PC1\Downloads
Loaded Profiles: PC1
Platform: Windows 10 Home Version 2004 19041.508 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <8>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\PC1\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.2711.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC1\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\Users\PC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\PC1\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F6CBEC-ED3B-44F9-A54C-FA29852B40E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C5D04A1-B36E-4F9D-82C0-CA730F1DAB29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E5967DC-6B89-46A5-8CCE-DB77EA166233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {19BA59BC-BF86-4515-8171-D5ABA93D6E90} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {23BADF0E-668C-4C10-90B9-AE6727B4879A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {30A1BAAF-29FE-4F7A-A761-BC65F74C1EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {325E65FC-C889-4174-B70A-1BA61E32C33A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3786972A-C67A-4519-B167-082A6B690463} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {53C0C257-7B3C-43E3-91BD-72835627AF7D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {6A2CFE04-EACF-4B3E-97A7-0240555EBACE} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70F38D9C-851C-4337-A093-9101F931AE67} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {79FFF4F9-349F-496B-AAEC-28FEA05C5682} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {85EE7EFE-FBC8-46A1-B68C-032920DF65CB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {86BB18D0-8E2A-4B8A-94FB-650491D63458} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-17] (Acer Incorporated -> Acer Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {886618AC-8186-46A3-9FD5-F7E94C532D26} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {8ED9545E-057D-4FE7-8A43-520EC7E9F671} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A73D91F0-A237-4877-A104-B762434A1062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AC295934-0929-46CE-AB3D-9BF8B2CC6DF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF3D53FA-56AF-44AB-A042-66B14F390B22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B19C90E4-E2E0-4981-9048-47C15AF39C1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9D76858-C4B4-432B-9D75-94CFB9234AB0} - \WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0C8AD33-F793-4C59-B277-AD0053DD9BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D3E7A086-3886-44E3-925D-532436F4D53E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFA9C9A0-E1DB-4D2A-8EF8-AFF10E8DD84F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {E128A530-E9B5-48CB-991B-30D13B013818} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E181831A-B195-47A6-A234-9BBD96111346} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5ED99A9-BFDE-414E-8B41-A783FE6BC852} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F00C49B7-77D6-426B-A90B-EE919FC52420} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{112a3ec0-ef5e-446f-89a2-54e2798b749d}: [DhcpNameServer] 84.16.120.1 84.16.96.2
Tcpip\..\Interfaces\{f2bfa094-9f8f-4b44-8357-107c4699269f}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\PC1\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-15]
Edge StartupUrls: Default -> "hxxps://seznam.cz/"
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default [2021-01-22]
CHR Notifications: Default -> hxxps://brnensky.denik.cz; hxxps://ruvid.net; hxxps://web.skype.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokumenty) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-06-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DoSvc; C:\WINDOWS\system32\dosvc.dll [1492480 2020-09-11] (Microsoft Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
R2 UsoSvc; C:\WINDOWS\system32\usosvc.dll [566272 2020-09-11] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [3384832 2020-09-11] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R3 MpKsl38b54861; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7EE06B8-1B26-46BE-A4A6-3D8EC661BB1B}\MpKslDrv.sys [91376 2021-01-22] (Microsoft Windows -> Microsoft Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 22:41 - 2021-01-22 22:44 - 000015916 _____ C:\Users\PC1\Downloads\FRST.txt
2021-01-22 22:41 - 2021-01-22 22:43 - 000000000 ____D C:\FRST
2021-01-22 22:14 - 2021-01-22 22:15 - 002296320 _____ (Farbar) C:\Users\PC1\Downloads\FRST64.exe
2021-01-22 19:49 - 2021-01-22 19:49 - 000000000 ____D C:\Users\PC1\AppData\Local\mbam
2021-01-22 19:47 - 2021-01-22 19:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-22 19:45 - 2021-01-22 19:45 - 000000000 ____D C:\Program Files\Malwarebytes
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 22:46 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-22 22:43 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-22 22:28 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-22 22:09 - 2020-09-01 16:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-22 20:18 - 2015-01-17 04:53 - 000000000 ____D C:\Program Files\Booking.COM
2021-01-22 19:17 - 2016-02-24 19:36 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 19:17 - 2016-02-24 19:36 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-22 19:11 - 2016-01-28 05:07 - 000000000 __SHD C:\Users\PC1\IntelGraphicsProfiles
2021-01-19 16:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-18 07:18 - 2020-09-01 17:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 07:18 - 2020-09-01 17:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-13 14:46 - 2020-09-01 16:37 - 000000000 ____D C:\Users\PC1
2021-01-13 08:57 - 2020-09-01 17:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-13 08:57 - 2020-09-01 16:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-11 08:30 - 2020-06-06 20:47 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-11 08:30 - 2020-06-06 20:47 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-28 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-27 15:54 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
==================== Files in the root of some directories ========
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
2020-12-28 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-12-27 15:54 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
==================== Files in the root of some directories ========
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Re: Please check - threat warnings are popping up.
Hi
Download AdwCleaner: https://toolslib.net/downloads/finish/1/

- Save it to the desktop and close all programs
- Run AdwCleaner as administrator
- Accept the license terms
- Click "Spustit skenovani" (Scan Now) and wait for it to finish
- If anything is found, leave all findings selected and click "Karantena" (Quarantine); if there are no findings, click "Spustit zakladni opravu" (Run Basic Repair)
- If "preinstalled software" is also detected, you may delete these programs but do not have to (they are not malicious programs, just unnecessary extras)
- Confirm the prompt, wait for it to finish, and confirm the PC restart
- After the PC restarts, AdwCleaner will open; click "Zobrazit soubor protokolu" (View Log File)
- The log will open; copy its contents and paste them into your next reply
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!

Re: Please check - threat warnings are popping up.
Hello to you too, the link to the software won't open. Other pages load.
Tento web není dostupný
Odpověď webu toolslib.net trvala příliš dlouho.
Zkuste:
Zkontrolovat připojení
Zkontrolovat proxy server a firewall
Spustit Diagnostiku sítě systému Windows
ERR_CONNECTION_TIMED_OUT
Re: Please check - threat warnings are popping up.
It is possible they had an outage; in any case it should work now. Try again, and if it still doesn't work, try downloading AdwCleaner from this link: https://downloads.malwarebytes.com/file/adwcleaner
Re: Please check - threat warnings are popping up.
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-22-2021
# Duration: 00:00:14
# OS: Windows 10 Home
# Cleaned: 16
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files\Booking.com
Deleted C:\Users\Public\Pokki
***** [ Files ] *****
Deleted C:\Users\PC1\Favorites\Booking.com.url
Deleted C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
Deleted C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Classes\pokki
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Deleted Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Deleted Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}
Deleted Preinstalled.AcerDocsOfficeAddIn Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DCBF3379-246B-47E1-8173-639B63940838}
Deleted Preinstalled.AcerExplorerAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{978724F6-1863-4DD5-9E66-FB77F5AB5613}
Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3029 octets] - [22/01/2021 23:28:12]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re: Please check - threat warnings are popping up.
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-22-2021
# Duration: 00:01:06
# OS: Windows 10 Home
# Scanned: 31956
# Detected: 16
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Adware.pokki C:\Users\Public\Pokki
PUP.Optional.Booking C:\Program Files\Booking.com
***** [ Files ] *****
PUP.Optional.Booking C:\Users\PC1\Favorites\Booking.com.url
PUP.Optional.Booking C:\Windows\ServiceProfiles\LocalService\Favorites\Booking.com.url
PUP.Optional.Booking C:\Windows\ServiceProfiles\NetworkService\Favorites\Booking.com.url
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
Adware.pokki HKCU\Software\Classes\pokki
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|BacKGround Agent
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}
Preinstalled.AcerDocsOfficeAddIn Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DCBF3379-246B-47E1-8173-639B63940838}
Preinstalled.AcerExplorerAgent Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{978724F6-1863-4DD5-9E66-FB77F5AB5613}
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Re: Please check - threat warnings are popping up.
OK, please post new FRST logs. One more question: does anything happen after you click on that message (e.g. does some web page open)?
Re: Please check - threat warnings are popping up.
If I click on it, some kind of YouTube variant in Cyrillic opens, ruvid.net
Re: Please check - threat warnings are popping up.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by PC1 (23-01-2021 00:02:17)
Running from C:\Users\PC1\Downloads
Windows 10 Home Version 2004 19041.508 (X64) (2020-09-01 16:15:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3621340843-3382866814-1888067393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3621340843-3382866814-1888067393-503 - Limited - Disabled)
Guest (S-1-5-21-3621340843-3382866814-1888067393-501 - Limited - Disabled)
PC1 (S-1-5-21-3621340843-3382866814-1888067393-1001 - Administrator - Enabled) => C:\Users\PC1
WDAGUtilityAccount (S-1-5-21-3621340843-3382866814-1888067393-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.44.2.0_x86__kgqvnymyfvs32 [2020-09-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 [2020-09-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
Star Wars: Commander -> C:\Program Files\WindowsApps\Disney.StarWarsCommander_4.9.0.3_x86__6rarf9sa4v8jt [2017-05-10] (Disney)
Váš telefon -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20091.84.0_x64__8wekyb3d8bbwe [2020-09-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
==================== Loaded Modules (Whitelisted) =============
2020-05-01 09:23 - 2020-05-01 09:23 - 000774656 _____ () [File not signed] [File is in use] C:\Users\PC1\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 001184256 _____ () [File not signed] [File is in use] C:\Users\PC1\AppData\Local\Facebook\Games\CefSharp.Core.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 071641088 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libcef.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 000078848 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libegl.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 003149824 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libglesv2.dll
2020-09-11 13:42 - 2020-09-11 13:42 - 000566272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\usosvc.dll
2020-09-11 13:17 - 2020-09-05 19:21 - 001711104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll
2020-09-11 13:17 - 2020-09-05 19:00 - 001449472 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94\gdiplus.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\chrome_elf.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-07-09 18:20 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-03-11 09:38 - 2016-10-02 21:50 - 000000429 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 pc.mshome.net # 2021 3 3 10 8 38 25 315
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PC1\Pictures\2007-04\DSCF4542.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B9F8EF43-3AD1-4556-AC82-08BD90F64216}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{F2A9C531-0840-4252-A999-F729FA75E882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{17883264-F0BC-4E87-BD21-8B8728F3EAD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{B6A67B15-3612-409E-9C60-FF871A517BC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{2C6628DF-9D60-4113-8EEF-941D344B047C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{0E391492-65DB-4481-98ED-EBFD2D49BBF1}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{438417F8-0160-410A-AFED-BFF44655C361}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{85CB6F12-533E-4A0A-B367-BE001655AD30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{06D51ED3-9979-4F3D-B249-9277AC5E28C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{01A8826E-065D-4E15-BA79-1D972E26E9CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{3104E404-ABE8-4787-8D64-37DAFC793050}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{B993B544-30AC-424F-9A75-3614403D2F5C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8B0F928F-4367-46C4-8501-FA952ED8E9A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{468C6B7A-C61D-4688-BADA-AD246073885D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE5D1FA6-1F12-4AB9-B120-8C601104D56F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA4DC3C4-CCDE-4E26-87E8-7C01EB39ADF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2CB6ED37-9B41-4083-A7E7-9D269CBDD465}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
05-01-2021 09:45:06 Naplánovaný kontrolní bod
14-01-2021 11:55:43 Naplánovaný kontrolní bod
22-01-2021 23:30:00 AdwCleaner_BeforeCleaning_22/01/2021_23:29:59
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/22/2021 10:51:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 1bdc
Čas spuštění: 01d6f0f728503c57
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
ID hlášení: 7ba54bc6-b615-41be-a8ac-ab72f14ed752
Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel
Typ zablokování: Quiesce
Error: (01/22/2021 10:27:09 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (01/22/2021 09:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 10.0.19041.423 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 25a0
Čas spuštění: 01d6f0f955e6a3bf
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
ID hlášení: e66f6a68-5852-4c28-b30c-4de4547074ec
Úplný název balíčku s chybou: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: WindowsDefaultLockScreen
Typ zablokování: Navigation
Error: (01/19/2021 08:35:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Acer (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
System errors:
=============
Error: (01/22/2021 11:45:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Error: (01/22/2021 11:32:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AtherosSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/22/2021 11:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (01/22/2021 11:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/22/2021 11:32:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (01/22/2021 10:45:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2021-01 Kumulativní aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4598242).
Error: (01/22/2021 10:45:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2020-11 Aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4023057).
Error: (01/22/2021 10:45:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Windows Defender:
===================================
Date: 2021-01-22 23:46:35.5990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4AC308AA-9AF2-40E7-A023-00050984C1FC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-22 08:42:02.3360000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0E196009-AECC-4E0A-B0F9-FC582E13EE73}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 20:09:02.5150000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A1EF6D6-CB77-46CA-8926-9ED452DBC98D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 07:50:24.3390000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D5DCFF01-CB33-4743-AA8F-22F4984CBCD4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-17 20:17:31.2720000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BFF855DC-98B0-4923-8AD9-3EED82C7DA08}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-22 23:45:27.7130000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:39:06.4320000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:32:55.0760000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:31:29.9620000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 21:50:06.2920000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
==================== Memory info ===========================
BIOS: Insyde Corp. V1.10 12/15/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 73%
Total physical RAM: 3977.98 MB
Available physical RAM: 1047.12 MB
Total Virtual: 6025.98 MB
Available Virtual: 2313.32 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.63 GB) (Free:397.55 GB) NTFS
\\?\Volume{414dccc3-71f7-4d72-b174-4e9bcbfbbdb4}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
\\?\Volume{20b6bdd9-f4d3-46ad-8a0e-df9d1f7349ff}\ (Push Button Reset) (Fixed) (Total:15.13 GB) (Free:2.05 GB) NTFS
\\?\Volume{c6fbe306-b887-45be-928c-50c805635f87}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ADAB34DE)
Partition: GPT.
==================== End of Addition.txt =======================
Ran by PC1 (23-01-2021 00:02:17)
Running from C:\Users\PC1\Downloads
Windows 10 Home Version 2004 19041.508 (X64) (2020-09-01 16:15:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3621340843-3382866814-1888067393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3621340843-3382866814-1888067393-503 - Limited - Disabled)
Guest (S-1-5-21-3621340843-3382866814-1888067393-501 - Limited - Disabled)
PC1 (S-1-5-21-3621340843-3382866814-1888067393-1001 - Administrator - Enabled) => C:\Users\PC1
WDAGUtilityAccount (S-1-5-21-3621340843-3382866814-1888067393-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.44.2.0_x86__kgqvnymyfvs32 [2020-09-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 [2020-09-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
Star Wars: Commander -> C:\Program Files\WindowsApps\Disney.StarWarsCommander_4.9.0.3_x86__6rarf9sa4v8jt [2017-05-10] (Disney)
Váš telefon -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20091.84.0_x64__8wekyb3d8bbwe [2020-09-25] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download
==================== Loaded Modules (Whitelisted) =============
2020-05-01 09:23 - 2020-05-01 09:23 - 000774656 _____ () [File not signed] [File is in use] C:\Users\PC1\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 001184256 _____ () [File not signed] [File is in use] C:\Users\PC1\AppData\Local\Facebook\Games\CefSharp.Core.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 071641088 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libcef.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 000078848 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libegl.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 003149824 _____ () [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\libglesv2.dll
2020-09-11 13:42 - 2020-09-11 13:42 - 000566272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\usosvc.dll
2020-09-11 13:17 - 2020-09-05 19:21 - 001711104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e\gdiplus.dll
2020-09-11 13:17 - 2020-09-05 19:00 - 001449472 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_429cdbca8a8ffa94\gdiplus.dll
2020-05-01 09:23 - 2020-05-01 09:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\PC1\AppData\Local\Facebook\Games\chrome_elf.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2018-07-09 18:20 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-03-11 09:38 - 2016-10-02 21:50 - 000000429 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 pc.mshome.net # 2021 3 3 10 8 38 25 315
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Acer\abFiles\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PC1\Pictures\2007-04\DSCF4542.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B9F8EF43-3AD1-4556-AC82-08BD90F64216}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{F2A9C531-0840-4252-A999-F729FA75E882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{17883264-F0BC-4E87-BD21-8B8728F3EAD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{B6A67B15-3612-409E-9C60-FF871A517BC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{2C6628DF-9D60-4113-8EEF-941D344B047C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{0E391492-65DB-4481-98ED-EBFD2D49BBF1}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{438417F8-0160-410A-AFED-BFF44655C361}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{85CB6F12-533E-4A0A-B367-BE001655AD30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{06D51ED3-9979-4F3D-B249-9277AC5E28C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{01A8826E-065D-4E15-BA79-1D972E26E9CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{3104E404-ABE8-4787-8D64-37DAFC793050}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{B993B544-30AC-424F-9A75-3614403D2F5C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8B0F928F-4367-46C4-8501-FA952ED8E9A6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{468C6B7A-C61D-4688-BADA-AD246073885D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE5D1FA6-1F12-4AB9-B120-8C601104D56F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA4DC3C4-CCDE-4E26-87E8-7C01EB39ADF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2CB6ED37-9B41-4083-A7E7-9D269CBDD465}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
05-01-2021 09:45:06 Naplánovaný kontrolní bod
14-01-2021 11:55:43 Naplánovaný kontrolní bod
22-01-2021 23:30:00 AdwCleaner_BeforeCleaning_22/01/2021_23:29:59
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (01/22/2021 11:32:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (01/22/2021 10:51:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 1bdc
Čas spuštění: 01d6f0f728503c57
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
ID hlášení: 7ba54bc6-b615-41be-a8ac-ab72f14ed752
Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel
Typ zablokování: Quiesce
Error: (01/22/2021 10:27:09 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (01/22/2021 09:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 10.0.19041.423 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 25a0
Čas spuštění: 01d6f0f955e6a3bf
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
ID hlášení: e66f6a68-5852-4c28-b30c-4de4547074ec
Úplný název balíčku s chybou: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: WindowsDefaultLockScreen
Typ zablokování: Navigation
Error: (01/19/2021 08:35:29 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Acer (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
System errors:
=============
Error: (01/22/2021 11:45:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Error: (01/22/2021 11:32:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AtherosSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/22/2021 11:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (01/22/2021 11:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/22/2021 11:32:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (01/22/2021 10:45:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2021-01 Kumulativní aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4598242).
Error: (01/22/2021 10:45:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): 2020-11 Aktualizace pro Windows 10 Version 2004 pro systémy typu x64 (KB4023057).
Error: (01/22/2021 10:45:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80004002): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.329.2656.0).
Windows Defender:
===================================
Date: 2021-01-22 23:46:35.5990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4AC308AA-9AF2-40E7-A023-00050984C1FC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-22 08:42:02.3360000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0E196009-AECC-4E0A-B0F9-FC582E13EE73}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 20:09:02.5150000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A1EF6D6-CB77-46CA-8926-9ED452DBC98D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-19 07:50:24.3390000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D5DCFF01-CB33-4743-AA8F-22F4984CBCD4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-17 20:17:31.2720000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BFF855DC-98B0-4923-8AD9-3EED82C7DA08}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-01-22 23:45:27.7130000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:39:06.4320000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:32:55.0760000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 22:31:29.9620000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80004002
Popis chyby: Neznámé rozhraní
Date: 2021-01-22 21:50:06.2920000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.2557.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.
==================== Memory info ===========================
BIOS: Insyde Corp. V1.10 12/15/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 73%
Total physical RAM: 3977.98 MB
Available physical RAM: 1047.12 MB
Total Virtual: 6025.98 MB
Available Virtual: 2313.32 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.63 GB) (Free:397.55 GB) NTFS
\\?\Volume{414dccc3-71f7-4d72-b174-4e9bcbfbbdb4}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.3 GB) NTFS
\\?\Volume{20b6bdd9-f4d3-46ad-8a0e-df9d1f7349ff}\ (Push Button Reset) (Fixed) (Total:15.13 GB) (Free:2.05 GB) NTFS
\\?\Volume{c6fbe306-b887-45be-928c-50c805635f87}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ADAB34DE)
Partition: GPT.
==================== End of Addition.txt =======================
Re: Please check - threat alerts keep popping up.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021
Ran by PC1 (administrator) on PC (Acer Aspire ES1-512) (22-01-2021 23:57:10)
Running from C:\Users\PC1\Downloads
Loaded Profiles: PC1
Platform: Windows 10 Home Version 2004 19041.508 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Facebook, Inc. -> Facebook) C:\Users\PC1\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Facebook, Inc. -> The CefSharp Authors) C:\Users\PC1\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\PC1\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2009.2711.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC1\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\Users\PC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\PC1\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F6CBEC-ED3B-44F9-A54C-FA29852B40E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C5D04A1-B36E-4F9D-82C0-CA730F1DAB29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E5967DC-6B89-46A5-8CCE-DB77EA166233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {19BA59BC-BF86-4515-8171-D5ABA93D6E90} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {23BADF0E-668C-4C10-90B9-AE6727B4879A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {30A1BAAF-29FE-4F7A-A761-BC65F74C1EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {325E65FC-C889-4174-B70A-1BA61E32C33A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3786972A-C67A-4519-B167-082A6B690463} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {53C0C257-7B3C-43E3-91BD-72835627AF7D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {6A2CFE04-EACF-4B3E-97A7-0240555EBACE} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70F38D9C-851C-4337-A093-9101F931AE67} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {79FFF4F9-349F-496B-AAEC-28FEA05C5682} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {85EE7EFE-FBC8-46A1-B68C-032920DF65CB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {86BB18D0-8E2A-4B8A-94FB-650491D63458} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-17] (Acer Incorporated -> Acer Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {886618AC-8186-46A3-9FD5-F7E94C532D26} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {8ED9545E-057D-4FE7-8A43-520EC7E9F671} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A73D91F0-A237-4877-A104-B762434A1062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AC295934-0929-46CE-AB3D-9BF8B2CC6DF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF3D53FA-56AF-44AB-A042-66B14F390B22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B19C90E4-E2E0-4981-9048-47C15AF39C1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9D76858-C4B4-432B-9D75-94CFB9234AB0} - \WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0C8AD33-F793-4C59-B277-AD0053DD9BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D3E7A086-3886-44E3-925D-532436F4D53E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFA9C9A0-E1DB-4D2A-8EF8-AFF10E8DD84F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {E128A530-E9B5-48CB-991B-30D13B013818} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E181831A-B195-47A6-A234-9BBD96111346} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5ED99A9-BFDE-414E-8B41-A783FE6BC852} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F00C49B7-77D6-426B-A90B-EE919FC52420} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{112a3ec0-ef5e-446f-89a2-54e2798b749d}: [DhcpNameServer] 84.16.120.1 84.16.96.2
Tcpip\..\Interfaces\{f2bfa094-9f8f-4b44-8357-107c4699269f}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\PC1\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-22]
Edge StartupUrls: Default -> "hxxps://seznam.cz/"
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default [2021-01-22]
CHR Notifications: Default -> hxxps://brnensky.denik.cz; hxxps://ruvid.net; hxxps://web.skype.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokumenty) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-06-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DoSvc; C:\WINDOWS\system32\dosvc.dll [1492480 2020-09-11] (Microsoft Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
R2 UsoSvc; C:\WINDOWS\system32\usosvc.dll [566272 2020-09-11] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [3384832 2020-09-11] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl38b54861; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7EE06B8-1B26-46BE-A4A6-3D8EC661BB1B}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 23:25 - 2021-01-22 23:32 - 000000000 ____D C:\AdwCleaner
2021-01-22 23:21 - 2021-01-22 23:21 - 008447152 _____ (Malwarebytes) C:\Users\PC1\Downloads\AdwCleaner.exe
2021-01-22 22:48 - 2021-01-22 22:53 - 000031307 _____ C:\Users\PC1\Downloads\Addition.txt
2021-01-22 22:41 - 2021-01-23 00:00 - 000015424 _____ C:\Users\PC1\Downloads\FRST.txt
2021-01-22 22:41 - 2021-01-22 23:58 - 000000000 ____D C:\FRST
2021-01-22 22:14 - 2021-01-22 22:15 - 002296320 _____ (Farbar) C:\Users\PC1\Downloads\FRST64.exe
2021-01-22 19:49 - 2021-01-22 19:49 - 000000000 ____D C:\Users\PC1\AppData\Local\mbam
2021-01-22 19:47 - 2021-01-22 19:47 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 23:35 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-22 23:35 - 2016-01-28 05:07 - 000000000 __SHD C:\Users\PC1\IntelGraphicsProfiles
2021-01-22 23:34 - 2020-09-01 17:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-22 23:34 - 2020-09-01 16:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-22 23:33 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-22 23:32 - 2014-07-25 10:32 - 000000000 ____D C:\ProgramData\acer
2021-01-22 23:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-22 22:47 - 2020-09-01 16:55 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-22 22:47 - 2019-12-07 15:41 - 000717844 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-22 22:47 - 2019-12-07 15:41 - 000144986 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-22 22:47 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-22 22:28 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-22 22:09 - 2020-09-01 16:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-22 19:17 - 2016-02-24 19:36 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 19:17 - 2016-02-24 19:36 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-19 16:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-18 07:18 - 2020-09-01 17:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 07:18 - 2020-09-01 17:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-13 14:46 - 2020-09-01 16:37 - 000000000 ____D C:\Users\PC1
2021-01-11 08:30 - 2020-06-06 20:47 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-11 08:30 - 2020-06-06 20:47 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
==================== Files in the root of some directories ========
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC1\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-04-29] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Startup: C:\Users\PC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\PC1\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03F6CBEC-ED3B-44F9-A54C-FA29852B40E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C5D04A1-B36E-4F9D-82C0-CA730F1DAB29} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E5967DC-6B89-46A5-8CCE-DB77EA166233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {19BA59BC-BF86-4515-8171-D5ABA93D6E90} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {23BADF0E-668C-4C10-90B9-AE6727B4879A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {30A1BAAF-29FE-4F7A-A761-BC65F74C1EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-24] (Google Inc -> Google Inc.)
Task: {325E65FC-C889-4174-B70A-1BA61E32C33A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3786972A-C67A-4519-B167-082A6B690463} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {53C0C257-7B3C-43E3-91BD-72835627AF7D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {6A2CFE04-EACF-4B3E-97A7-0240555EBACE} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70F38D9C-851C-4337-A093-9101F931AE67} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {79FFF4F9-349F-496B-AAEC-28FEA05C5682} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {85EE7EFE-FBC8-46A1-B68C-032920DF65CB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {86BB18D0-8E2A-4B8A-94FB-650491D63458} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-17] (Acer Incorporated -> Acer Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {886618AC-8186-46A3-9FD5-F7E94C532D26} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {8ED9545E-057D-4FE7-8A43-520EC7E9F671} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A73D91F0-A237-4877-A104-B762434A1062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AC295934-0929-46CE-AB3D-9BF8B2CC6DF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF3D53FA-56AF-44AB-A042-66B14F390B22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B19C90E4-E2E0-4981-9048-47C15AF39C1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9D76858-C4B4-432B-9D75-94CFB9234AB0} - \WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001 -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0C8AD33-F793-4C59-B277-AD0053DD9BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D3E7A086-3886-44E3-925D-532436F4D53E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFA9C9A0-E1DB-4D2A-8EF8-AFF10E8DD84F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {E128A530-E9B5-48CB-991B-30D13B013818} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E181831A-B195-47A6-A234-9BBD96111346} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5ED99A9-BFDE-414E-8B41-A783FE6BC852} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F00C49B7-77D6-426B-A90B-EE919FC52420} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{112a3ec0-ef5e-446f-89a2-54e2798b749d}: [DhcpNameServer] 84.16.120.1 84.16.96.2
Tcpip\..\Interfaces\{f2bfa094-9f8f-4b44-8357-107c4699269f}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\PC1\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-22]
Edge StartupUrls: Default -> "hxxps://seznam.cz/"
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default [2021-01-22]
CHR Notifications: Default -> hxxps://brnensky.denik.cz; hxxps://ruvid.net; hxxps://web.skype.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokumenty) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-06-22]
CHR Profile: C:\Users\PC1\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DoSvc; C:\WINDOWS\system32\dosvc.dll [1492480 2020-09-11] (Microsoft Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
R2 UsoSvc; C:\WINDOWS\system32\usosvc.dll [566272 2020-09-11] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [3384832 2020-09-11] (Microsoft Corporation) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl38b54861; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7EE06B8-1B26-46BE-A4A6-3D8EC661BB1B}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 23:25 - 2021-01-22 23:32 - 000000000 ____D C:\AdwCleaner
2021-01-22 23:21 - 2021-01-22 23:21 - 008447152 _____ (Malwarebytes) C:\Users\PC1\Downloads\AdwCleaner.exe
2021-01-22 22:48 - 2021-01-22 22:53 - 000031307 _____ C:\Users\PC1\Downloads\Addition.txt
2021-01-22 22:41 - 2021-01-23 00:00 - 000015424 _____ C:\Users\PC1\Downloads\FRST.txt
2021-01-22 22:41 - 2021-01-22 23:58 - 000000000 ____D C:\FRST
2021-01-22 22:14 - 2021-01-22 22:15 - 002296320 _____ (Farbar) C:\Users\PC1\Downloads\FRST64.exe
2021-01-22 19:49 - 2021-01-22 19:49 - 000000000 ____D C:\Users\PC1\AppData\Local\mbam
2021-01-22 19:47 - 2021-01-22 19:47 - 000000000 ____D C:\ProgramData\Malwarebytes
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-22 23:35 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-22 23:35 - 2016-01-28 05:07 - 000000000 __SHD C:\Users\PC1\IntelGraphicsProfiles
2021-01-22 23:34 - 2020-09-01 17:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-22 23:34 - 2020-09-01 16:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-22 23:33 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-22 23:32 - 2014-07-25 10:32 - 000000000 ____D C:\ProgramData\acer
2021-01-22 23:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-22 22:47 - 2020-09-01 16:55 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-22 22:47 - 2019-12-07 15:41 - 000717844 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-22 22:47 - 2019-12-07 15:41 - 000144986 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-22 22:47 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-22 22:28 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-22 22:09 - 2020-09-01 16:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-22 19:17 - 2016-02-24 19:36 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-22 19:17 - 2016-02-24 19:36 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-19 16:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-18 07:18 - 2020-09-01 17:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 07:18 - 2020-09-01 17:14 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-13 14:46 - 2020-09-01 16:37 - 000000000 ____D C:\Users\PC1
2021-01-11 08:30 - 2020-06-06 20:47 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-11 08:30 - 2020-06-06 20:47 - 000002261 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-11 08:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
==================== Files in the root of some directories ========
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Re: Please check - threat alerts keep popping up.

- Copy the following text and paste it into Notepad:
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: dsregcmd /status
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Task: {03F6CBEC-ED3B-44F9-A54C-FA29852B40E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {19BA59BC-BF86-4515-8171-D5ABA93D6E90} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {23BADF0E-668C-4C10-90B9-AE6727B4879A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3786972A-C67A-4519-B167-082A6B690463} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {79FFF4F9-349F-496B-AAEC-28FEA05C5682} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {85EE7EFE-FBC8-46A1-B68C-032920DF65CB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8ED9545E-057D-4FE7-8A43-520EC7E9F671} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A73D91F0-A237-4877-A104-B762434A1062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B19C90E4-E2E0-4981-9048-47C15AF39C1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9D76858-C4B4-432B-9D75-94CFB9234AB0} - \WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001 -> No File <==== ATTENTION
Task: {D0C8AD33-F793-4C59-B277-AD0053DD9BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E128A530-E9B5-48CB-991B-30D13B013818} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E181831A-B195-47A6-A234-9BBD96111346} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5ED99A9-BFDE-414E-8B41-A783FE6BC852} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
CHR Notifications: Default -> hxxps://brnensky.denik.cz; hxxps://ruvid.net; hxxps://web.skype.com; hxxps://www.facebook.com
S3 MpKsl38b54861; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7EE06B8-1B26-46BE-A4A6-3D8EC661BB1B}\MpKslDrv.sys [X]
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B9F8EF43-3AD1-4556-AC82-08BD90F64216}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{F2A9C531-0840-4252-A999-F729FA75E882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{17883264-F0BC-4E87-BD21-8B8728F3EAD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{B6A67B15-3612-409E-9C60-FF871A517BC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{2C6628DF-9D60-4113-8EEF-941D344B047C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{0E391492-65DB-4481-98ED-EBFD2D49BBF1}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{438417F8-0160-410A-AFED-BFF44655C361}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{85CB6F12-533E-4A0A-B367-BE001655AD30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{06D51ED3-9979-4F3D-B249-9277AC5E28C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{01A8826E-065D-4E15-BA79-1D972E26E9CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{3104E404-ABE8-4787-8D64-37DAFC793050}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
EmptyTemp:
End
- Save it to the desktop under the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask to restart the PC; confirm by clicking OK
- After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents and paste them into your next reply
Graduate of the school for beginners
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.
Fixlists and other scripts are written for one specific PC only. Do not use them on other devices; doing so risks system damage or data loss.
If you have a problem similar to another user's, please start your own topic.
If you are satisfied, you can support the forum. Thank you!

Re: Please check - threat alerts keep popping up.
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021
Ran by PC1 (23-01-2021 01:11:12) Run:1
Running from C:\Users\PC1\Desktop
Loaded Profiles: PC1
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: dsregcmd /status
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-02-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
Task: {03F6CBEC-ED3B-44F9-A54C-FA29852B40E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {19BA59BC-BF86-4515-8171-D5ABA93D6E90} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {23BADF0E-668C-4C10-90B9-AE6727B4879A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3786972A-C67A-4519-B167-082A6B690463} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {79FFF4F9-349F-496B-AAEC-28FEA05C5682} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {85EE7EFE-FBC8-46A1-B68C-032920DF65CB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8ED9545E-057D-4FE7-8A43-520EC7E9F671} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A73D91F0-A237-4877-A104-B762434A1062} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B19C90E4-E2E0-4981-9048-47C15AF39C1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9D76858-C4B4-432B-9D75-94CFB9234AB0} - \WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001 -> No File <==== ATTENTION
Task: {D0C8AD33-F793-4C59-B277-AD0053DD9BEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E128A530-E9B5-48CB-991B-30D13B013818} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E181831A-B195-47A6-A234-9BBD96111346} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E5ED99A9-BFDE-414E-8B41-A783FE6BC852} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
CHR Notifications: Default -> hxxps://brnensky.denik.cz; hxxps://ruvid.net; hxxps://web.skype.com; hxxps://www.facebook.com
S3 MpKsl38b54861; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7EE06B8-1B26-46BE-A4A6-3D8EC661BB1B}\MpKslDrv.sys [X]
2016-11-27 09:41 - 2016-11-27 09:41 - 000000000 _____ () C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6}
CustomCLSID: HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\PC1\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B9F8EF43-3AD1-4556-AC82-08BD90F64216}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{F2A9C531-0840-4252-A999-F729FA75E882}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{17883264-F0BC-4E87-BD21-8B8728F3EAD3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{B6A67B15-3612-409E-9C60-FF871A517BC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{2C6628DF-9D60-4113-8EEF-941D344B047C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{0E391492-65DB-4481-98ED-EBFD2D49BBF1}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{438417F8-0160-410A-AFED-BFF44655C361}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{85CB6F12-533E-4A0A-B367-BE001655AD30}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe => No File
FirewallRules: [{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{06D51ED3-9979-4F3D-B249-9277AC5E28C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe => No File
FirewallRules: [{01A8826E-065D-4E15-BA79-1D972E26E9CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{3104E404-ABE8-4787-8D64-37DAFC793050}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{5B0A8986-CF0E-444E-9980-89AA689A5F63}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{A634A7B9-DC92-4733-91A5-62440209799E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{BB065535-F3C5-4A3C-9FB0-90E9F8496509}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{32364E85-BC96-4E5F-B66E-C42B64913155}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe => No File
FirewallRules: [{693F7DA1-D651-42E5-97EE-8E63195D98F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [{1414C8AC-D04A-428C-8526-E809CA219532}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe => No File
FirewallRules: [TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 9
Average :
Sum : 2343487
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========= dsregcmd /status =========
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO
Device Name : pc
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
========= End of CMD: =========
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03F6CBEC-ED3B-44F9-A54C-FA29852B40E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03F6CBEC-ED3B-44F9-A54C-FA29852B40E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19BA59BC-BF86-4515-8171-D5ABA93D6E90}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19BA59BC-BF86-4515-8171-D5ABA93D6E90}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23BADF0E-668C-4C10-90B9-AE6727B4879A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23BADF0E-668C-4C10-90B9-AE6727B4879A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3786972A-C67A-4519-B167-082A6B690463}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3786972A-C67A-4519-B167-082A6B690463}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79FFF4F9-349F-496B-AAEC-28FEA05C5682}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79FFF4F9-349F-496B-AAEC-28FEA05C5682}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85EE7EFE-FBC8-46A1-B68C-032920DF65CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85EE7EFE-FBC8-46A1-B68C-032920DF65CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8ED9545E-057D-4FE7-8A43-520EC7E9F671}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ED9545E-057D-4FE7-8A43-520EC7E9F671}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A73D91F0-A237-4877-A104-B762434A1062}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A73D91F0-A237-4877-A104-B762434A1062}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B19C90E4-E2E0-4981-9048-47C15AF39C1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B19C90E4-E2E0-4981-9048-47C15AF39C1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D76858-C4B4-432B-9D75-94CFB9234AB0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D76858-C4B4-432B-9D75-94CFB9234AB0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3621340843-3382866814-1888067393-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0C8AD33-F793-4C59-B277-AD0053DD9BEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0C8AD33-F793-4C59-B277-AD0053DD9BEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E128A530-E9B5-48CB-991B-30D13B013818}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E128A530-E9B5-48CB-991B-30D13B013818}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E181831A-B195-47A6-A234-9BBD96111346}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E181831A-B195-47A6-A234-9BBD96111346}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5ED99A9-BFDE-414E-8B41-A783FE6BC852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5ED99A9-BFDE-414E-8B41-A783FE6BC852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"Chrome Notifications" => removed successfully
MpKsl38b54861 => service not found.
C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6} => moved successfully
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9F8EF43-3AD1-4556-AC82-08BD90F64216}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2A9C531-0840-4252-A999-F729FA75E882}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17883264-F0BC-4E87-BD21-8B8728F3EAD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6A67B15-3612-409E-9C60-FF871A517BC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C6628DF-9D60-4113-8EEF-941D344B047C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E391492-65DB-4481-98ED-EBFD2D49BBF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{438417F8-0160-410A-AFED-BFF44655C361}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85CB6F12-533E-4A0A-B367-BE001655AD30}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06D51ED3-9979-4F3D-B249-9277AC5E28C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01A8826E-065D-4E15-BA79-1D972E26E9CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3104E404-ABE8-4787-8D64-37DAFC793050}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B0A8986-CF0E-444E-9980-89AA689A5F63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A634A7B9-DC92-4733-91A5-62440209799E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB065535-F3C5-4A3C-9FB0-90E9F8496509}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32364E85-BC96-4E5F-B66E-C42B64913155}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{693F7DA1-D651-42E5-97EE-8E63195D98F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1414C8AC-D04A-428C-8526-E809CA219532}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 17850368 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 208156128 B
Java, Flash, Steam htmlcache => 6779 B
Windows/system/drivers => 2070591 B
Edge => 5119688 B
Chrome => 1335565143 B
Brave => 0 B
Vivaldi => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16854 B
NetworkService => 12501174 B
PC1 => 33624870 B
RecycleBin => 1684669759 B
EmptyTemp: => 3.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 01:20:17 ====
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0C8AD33-F793-4C59-B277-AD0053DD9BEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E128A530-E9B5-48CB-991B-30D13B013818}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E128A530-E9B5-48CB-991B-30D13B013818}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E181831A-B195-47A6-A234-9BBD96111346}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E181831A-B195-47A6-A234-9BBD96111346}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5ED99A9-BFDE-414E-8B41-A783FE6BC852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5ED99A9-BFDE-414E-8B41-A783FE6BC852}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"Chrome Notifications" => removed successfully
MpKsl38b54861 => service not found.
C:\Users\PC1\AppData\Local\{533362CA-CA49-435B-8BD3-BE710345CFB6} => moved successfully
HKU\S-1-5-21-3621340843-3382866814-1888067393-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9F8EF43-3AD1-4556-AC82-08BD90F64216}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CC70521-B49B-4750-AF96-D6FA6A2D7F81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2A9C531-0840-4252-A999-F729FA75E882}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17883264-F0BC-4E87-BD21-8B8728F3EAD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6A67B15-3612-409E-9C60-FF871A517BC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFE035C3-2741-441E-AD8A-DFF1EFBDCDFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C6628DF-9D60-4113-8EEF-941D344B047C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D3002CA-4E67-4CF2-998A-A77C92B46CC3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E391492-65DB-4481-98ED-EBFD2D49BBF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01FF3F81-FD40-43A6-A80F-BF23ACD5A769}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92F45B22-EB60-4EDC-A923-1C4E2E38F9A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F2DB46D-3622-4C21-A8E3-E1D126FB96A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{438417F8-0160-410A-AFED-BFF44655C361}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E7CC2B7-C7D2-4E0F-9C3F-A31847874852}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85CB6F12-533E-4A0A-B367-BE001655AD30}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82D659CD-FCA4-40A0-AD76-F6FB16869E3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7B6C0B1-FCC6-498B-BCFF-336349AD329B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06D51ED3-9979-4F3D-B249-9277AC5E28C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01A8826E-065D-4E15-BA79-1D972E26E9CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30E8ABD7-F29C-4BDA-8EA7-3CE18954E8DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3104E404-ABE8-4787-8D64-37DAFC793050}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B5E562A-6E7F-41B2-95A6-8457B445B9F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BF25D37-7A6B-4E41-A12B-62590D2F2C8F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B0A8986-CF0E-444E-9980-89AA689A5F63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4EC6FD9-64A9-43A5-988C-A12CA13A67ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A02A79CD-3AF3-4727-B3C6-12435CE66D7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A634A7B9-DC92-4733-91A5-62440209799E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB065535-F3C5-4A3C-9FB0-90E9F8496509}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32364E85-BC96-4E5F-B66E-C42B64913155}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{693F7DA1-D651-42E5-97EE-8E63195D98F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1414C8AC-D04A-428C-8526-E809CA219532}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B6594DBD-DA02-43D0-8B47-3DD99E6A6ED4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6EFB80F9-1F50-4BB4-AD9F-97974791B473}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{80478B5E-DA53-4F5A-8090-9236D5E754DB}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{42336124-C418-4217-8000-0DDD234B24B4}C:\users\pc1\appdata\local\microsoft\teams\current\teams.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 17850368 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 208156128 B
Java, Flash, Steam htmlcache => 6779 B
Windows/system/drivers => 2070591 B
Edge => 5119688 B
Chrome => 1335565143 B
Brave => 0 B
Vivaldi => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16854 B
NetworkService => 12501174 B
PC1 => 33624870 B
RecycleBin => 1684669759 B
EmptyTemp: => 3.1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 01:20:17 ====
Re: Please check - threat messages keep popping up.
How does the PC look? Has anything changed?
The problem with these messages should be resolved. Apparently these were Chrome notifications from the rather dubious site ruvid.net, since this site had permission (in Chrome) to send notifications. The previous step cleared the notification permissions in Chrome, so they should no longer appear.
According to the logs, these sites also had notifications allowed previously - https://brnensky.denik.cz; https://web.skype.com; https://www.facebook.com - if you want to keep notifications from these sites allowed, you need to allow them again or manually add these sites to the list of sites with allowed notifications (Chrome -> Settings -> Site settings -> Notifications (or "Oznámení" in Czech) -> in the Allow section click Add).
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).
Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!

Re: Please check - threat messages keep popping up.
Thank you for the fix. It now behaves normally.