VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Poshukach

https://forum.viry.cz:443/viewtopic.php?t=158517

Stránka 1 z 1

Poshukach

Napsal: 28 led 2022 14:13
od sok1
Dobrý den,
přítelkyni se dostala do PC tahle potvora prosíme o pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2022
Ran by Elisk (administrator) on DESKTOP-C29UHKI (HP HP ENVY x360 Convertible 13-ar0xxx) (28-01-2022 14:09:49)
Running from C:\Users\Elisk\Desktop
Loaded Profiles: Elisk
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe [1211696 2021-02-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Elisk\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-14] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {109B5047-B3E3-426E-A9B7-7A9749716854} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {2CED0F94-7C65-4DB7-97AD-995DE4BC66F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3165135B-2B53-43DF-A33A-69837C174697} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
Task: {36BA328C-AC66-4801-86D0-A29C195D22D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3DDAAD28-CF7A-48EF-9E96-C44ED5D82474} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4191328 2021-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {44FA9334-67A2-4698-82FB-8A74D41825AE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C24E33B-0831-487F-A883-F20266D755DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-01-20] (HP Inc. -> HP Inc.)
Task: {50800969-57D1-463A-AD3E-22E215382294} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {568B7D7D-0A11-4AF7-ADBB-BAE000D5738C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1613720 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5DFFC143-7ABC-4A60-B4EB-9F897DD0CC9C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {67D2A29E-6C16-46DC-98DC-6CABF4AF13DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {710FEE0C-1CCA-4935-88A7-8F5D363FEB34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {754BADA9-DD58-465A-A264-95D275CF1100} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C118297-A4DB-4B77-9DA7-C976FA15A666} - \StartDVR -> No File <==== ATTENTION
Task: {82072FFC-2DF4-41E5-B537-F13C71506E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
Task: {84E7760F-794D-4EEF-BA50-6AE25B39BAE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90014BBC-F7CF-422F-8CD6-D024286C5A82} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8EDBA35-834E-4D97-A010-964889D9813C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF22DA64-D38E-4E38-84DB-C746133FAA79} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB332E74-7A32-4A03-8F4B-E9D095F0DB04} - \StartCN -> No File <==== ATTENTION
Task: {BF6576D4-97EA-4B86-A74E-9DE550000F5F} - System32\Tasks\Opera scheduled Autoupdate 1643205912 => C:\Users\Elisk\AppData\Local\Programs\Opera\launcher.exe [2333904 2022-01-26] (Opera Software AS -> Opera Software)
Task: {C7B1B1A7-8ADB-4F9E-A165-AB096E652A51} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {CBFF089A-6A36-4489-8E80-FCE9FEF97EED} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {EDF37DA1-0AD5-43F8-8573-0BAD76F9EC08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{4e21c260-7345-468f-9d68-20031fc98be6}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{aba4634f-7fd8-4923-9e41-8889ecfb12dd}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Elisk\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default [2022-01-28]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://sizeer.cz; hxxps://www.bezvasport.cz; hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Default -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Dokumenty) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Disk Google) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Tabulky) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-21]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-28]
CHR HomePage: Profile 1 -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Profile 1 -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR DefaultSearchURL: Profile 1 -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Profile 1 -> Poshukach Engin Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Dokumenty) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Disk Google) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Tabulky) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-05]

Opera:
=======
OPR Profile: C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable [2022-01-28]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe [757280 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe [755184 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe [752120 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe [755192 2021-12-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-21] (HP Inc. -> HP Inc.)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-02-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2562776 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481312 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2021-01-02] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-28 14:09 - 2022-01-28 14:10 - 000022386 _____ C:\Users\Elisk\Desktop\FRST.txt
2022-01-28 14:09 - 2022-01-28 14:10 - 000000000 ____D C:\FRST
2022-01-28 14:05 - 2022-01-28 14:05 - 000002275 _____ C:\Users\Elisk\Desktop\AdwCleaner[C05].txt
2022-01-28 14:03 - 2022-01-28 14:03 - 002311680 _____ (Farbar) C:\Users\Elisk\Desktop\FRST64.exe
2022-01-28 14:00 - 2022-01-28 14:00 - 000000871 _____ C:\Users\Elisk\Desktop\JRT.txt
2022-01-28 13:59 - 2022-01-28 13:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\CrashDumps
2022-01-28 13:58 - 2022-01-28 13:58 - 000150737 _____ C:\Users\Elisk\Desktop\zoek-results.txt
2022-01-28 13:55 - 2022-01-28 13:35 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-01-28 13:38 - 2022-01-28 13:38 - 001790024 _____ (Malwarebytes) C:\Users\Elisk\Desktop\JRT.exe
2022-01-28 13:35 - 2022-01-28 13:48 - 000000000 ____D C:\zoek_backup
2022-01-28 13:35 - 2015-09-23 17:00 - 001308672 _____ C:\Users\Elisk\Desktop\zoek.exe
2022-01-28 13:29 - 2022-01-28 13:29 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Desktop\AdwCleaner.exe
2022-01-28 13:15 - 2022-01-28 13:16 - 000000000 ____D C:\AdwCleaner
2022-01-28 13:15 - 2022-01-28 13:15 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Downloads\adwcleaner_8.3.1.exe
2022-01-28 13:03 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\LocalLow\uTorrent
2022-01-28 12:15 - 2022-01-28 12:15 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (8).pdf
2022-01-28 12:11 - 2022-01-28 12:11 - 000009885 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (7).pdf
2022-01-27 12:16 - 2022-01-27 12:16 - 000008419 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (6).pdf
2022-01-27 12:11 - 2022-01-27 12:11 - 000015171 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (5).pdf
2022-01-27 12:07 - 2022-01-27 12:08 - 000015168 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (4).pdf
2022-01-27 12:07 - 2022-01-27 12:07 - 000015165 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (3).pdf
2022-01-27 11:43 - 2022-01-27 11:43 - 000009888 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (2).pdf
2022-01-27 11:42 - 2022-01-27 11:42 - 000009884 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (1).pdf
2022-01-27 11:38 - 2022-01-27 11:38 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp.pdf
2022-01-26 16:18 - 2022-01-26 16:18 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách (1).pptx
2022-01-26 15:07 - 2022-01-26 15:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2022-01-26 15:05 - 2022-01-28 13:19 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-26 15:05 - 2022-01-28 12:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\Lavasoft
2022-01-26 15:05 - 2022-01-26 15:05 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1643205912
2022-01-26 15:05 - 2022-01-26 15:05 - 000001416 _____ C:\Users\Elisk\Desktop\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000001406 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000000000 ____D C:\Users\Elisk\AppData\Local\Opera Software
2022-01-26 15:04 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\BitTorrentHelper
2022-01-26 15:04 - 2022-01-26 15:04 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2022-01-26 15:03 - 2022-01-26 15:03 - 000000903 _____ C:\Users\Elisk\Desktop\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000883 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Opera Software
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\UT008
2022-01-26 15:02 - 2022-01-26 15:03 - 005353128 _____ (BitTorrent Inc.) C:\Users\Elisk\Downloads\uTorrent.exe
2022-01-25 21:57 - 2022-01-25 21:57 - 000051019 _____ C:\Users\Elisk\Downloads\faktura_202200105.pdf
2022-01-24 22:04 - 2022-01-24 22:04 - 020952536 _____ C:\Users\Elisk\Downloads\Photos (1).zip
2022-01-24 22:03 - 2022-01-24 22:03 - 020952536 _____ C:\Users\Elisk\Downloads\Photos.zip
2022-01-21 12:11 - 2022-01-21 12:11 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách.pptx
2022-01-21 12:08 - 2022-01-21 12:08 - 001960060 _____ C:\Users\Elisk\Downloads\komunikační partneři poradenského pracovníka.pptx
2022-01-21 11:56 - 2022-01-21 11:56 - 000063522 _____ C:\Users\Elisk\Downloads\osobnost poradce.pptx
2022-01-21 11:47 - 2022-01-21 11:47 - 000606780 _____ C:\Users\Elisk\Downloads\Podpůrná opatření.pdf
2022-01-21 11:21 - 2022-01-21 11:21 - 000186124 _____ C:\Users\Elisk\Downloads\PO 1 stupeň.pptx
2022-01-20 22:23 - 2022-01-20 22:23 - 000088882 _____ C:\Users\Elisk\Desktop\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-20 22:21 - 2022-01-20 22:22 - 000088882 _____ C:\Users\Elisk\Downloads\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-19 15:32 - 2022-01-19 15:32 - 000046874 _____ C:\Users\Elisk\Downloads\fáze poradenského procesu.pptx
2022-01-19 15:25 - 2022-01-19 15:25 - 000412302 _____ C:\Users\Elisk\Downloads\SP_charakteristika postižení a dopady do vzdělávání.pdf
2022-01-17 18:02 - 2022-01-17 18:02 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-17 17:55 - 2022-01-17 17:55 - 000000000 ___HD C:\$WinREAgent
2022-01-17 15:57 - 2022-01-17 15:57 - 000038400 _____ C:\Users\Elisk\Downloads\faktura VZOR.xls
2022-01-16 17:54 - 2022-01-16 17:54 - 000053878 _____ C:\Users\Elisk\Downloads\faktura_202200104.pdf
2022-01-16 17:42 - 2022-01-16 17:42 - 000053836 _____ C:\Users\Elisk\Downloads\faktura_4 (4).pdf
2022-01-16 17:41 - 2022-01-16 17:41 - 000053199 _____ C:\Users\Elisk\Downloads\faktura_4 (3).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (2).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (1).pdf
2022-01-16 16:53 - 2022-01-16 16:53 - 000053154 _____ C:\Users\Elisk\Downloads\faktura_4.pdf
2022-01-13 15:03 - 2022-01-13 15:03 - 015708567 _____ C:\Users\Elisk\Downloads\10-31 (1).pdf
2022-01-12 20:42 - 2022-01-12 20:42 - 001898412 _____ C:\WINDOWS\Minidump\011222-28750-01.dmp
2022-01-11 17:33 - 2022-01-11 17:33 - 002471628 _____ C:\WINDOWS\Minidump\011122-10843-01.dmp
2022-01-05 20:37 - 2022-01-24 22:47 - 000000000 ____D C:\Users\Elisk\Desktop\dřevo s láskou
2022-01-05 17:53 - 2022-01-05 18:08 - 000000000 ____D C:\Users\Elisk\AppData\Local\UnravelTwo
2022-01-05 17:51 - 2022-01-05 17:52 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-01-05 17:49 - 2022-01-22 17:08 - 000000000 ____D C:\Program Files (x86)\Origin
2022-01-05 17:49 - 2022-01-05 17:49 - 000001069 _____ C:\Users\Public\Desktop\Origin.lnk
2022-01-05 17:49 - 2022-01-05 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\ProgramData\Origin
2022-01-05 17:46 - 2022-01-26 14:31 - 000000000 ____D C:\Users\Elisk\AppData\Local\Origin
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.QtWebEngineProcess
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.Origin
2022-01-05 16:40 - 2022-01-05 16:40 - 000000012 _____ C:\Users\Elisk\Desktop\STEAM.txt
2022-01-05 14:31 - 2022-01-25 21:58 - 000000000 ____D C:\Users\Elisk\Desktop\Faktury

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-28 14:11 - 2021-02-05 17:03 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2022-01-28 14:05 - 2021-02-05 17:03 - 000000000 ____D C:\ProgramData\HP
2022-01-28 14:04 - 2020-01-04 20:40 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-01-28 14:03 - 2021-02-05 17:15 - 001605802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-28 14:03 - 2019-12-07 15:41 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-28 14:03 - 2019-12-07 15:41 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-28 14:03 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-28 13:58 - 2021-02-05 17:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-28 13:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-28 13:56 - 2021-02-19 18:43 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-28 13:56 - 2021-02-05 18:07 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-28 13:56 - 2021-02-05 17:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-01-28 13:56 - 2021-02-05 17:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-28 13:56 - 2021-02-05 17:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-28 13:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-28 13:56 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-28 13:55 - 2021-02-05 17:38 - 000000000 ____D C:\Users\Elisk\AppData\Local\D3DSCache
2022-01-28 13:33 - 2021-02-05 17:02 - 000542584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-28 13:27 - 2021-02-05 17:57 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Hewlett-Packard
2022-01-28 13:27 - 2019-05-14 03:38 - 000000000 ____D C:\Program Files (x86)\HP
2022-01-28 13:27 - 2019-04-26 21:22 - 000000000 ___HD C:\hp
2022-01-28 13:01 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk\AppData\Local\Packages
2022-01-28 13:01 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-28 13:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-28 12:45 - 2021-02-05 17:54 - 000000000 ____D C:\Users\Elisk\AppData\Local\TeamViewer
2022-01-28 12:23 - 2021-10-18 17:27 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-28 12:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-28 12:10 - 2021-02-19 17:23 - 000000000 ____D C:\Steam
2022-01-28 11:57 - 2021-02-05 17:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-28 07:41 - 2021-12-13 09:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001
2022-01-28 07:41 - 2021-10-09 20:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-28 07:41 - 2021-10-09 20:00 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-28 07:40 - 2021-07-11 12:30 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{535E2AA2-D2C5-49F0-A079-DA6631CF4B82}
2022-01-28 07:38 - 2021-02-08 21:43 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-28 07:38 - 2021-02-08 21:43 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-26 16:00 - 2019-04-15 16:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-26 15:07 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-23 19:37 - 2021-02-08 21:44 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-23 19:37 - 2021-02-08 21:44 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-22 17:29 - 2021-02-05 17:44 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-22 17:29 - 2021-02-05 17:44 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 22:01 - 2021-02-05 17:46 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-20 22:01 - 2021-02-05 17:46 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-19 10:47 - 2021-02-19 18:32 - 000000000 ____D C:\Users\Elisk\AppData\Local\AMD_Common
2022-01-17 20:33 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk
2022-01-17 18:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-17 17:55 - 2021-02-05 22:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-17 17:53 - 2021-02-05 22:34 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-16 17:37 - 2021-02-05 17:41 - 000000000 ____D C:\Users\Elisk\AppData\Local\PlaceholderTileLogoFolder
2022-01-14 17:06 - 2019-05-14 03:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2022-01-14 10:06 - 2021-02-05 18:20 - 000002371 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-01-12 20:42 - 2021-10-22 13:03 - 846670662 _____ C:\WINDOWS\MEMORY.DMP
2022-01-12 20:42 - 2021-10-22 13:03 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-29 20:22 - 2021-02-05 17:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by Elisk (28-01-2022 14:11:28)
Running from C:\Users\Elisk\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2021-02-05 16:12:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-763118441-806889825-3821141486-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-763118441-806889825-3821141486-503 - Limited - Disabled)
Elisk (S-1-5-21-763118441-806889825-3821141486-1001 - Administrator - Enabled) => C:\Users\Elisk
Guest (S-1-5-21-763118441-806889825-3821141486-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763118441-806889825-3821141486-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\uTorrent) (Version: 3.5.5.46148 - BitTorrent Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{40c19864-e557-4855-95ee-075689dfcf8e}) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.) Hidden
Aplikácie Microsoft 365 pre veľké organizácie - sk-sk (HKLM\...\O365ProPlusRetail - sk-sk) (Version: 16.0.14729.20260 - Microsoft Corporation)
Branding64 (HKLM\...\{7659552A-136F-4615-A9FA-3E3EF2CCA77C}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Creaks (HKLM-x32\...\1623513243_is1) (Version: 1.0 - GOG.com)
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Happy Game (HKLM-x32\...\Happy Game_is1) (Version: - )
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.69 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 83.0.4254.27 (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Opera 83.0.4254.27) (Version: 83.0.4254.27 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.110.50000 - Electronic Arts, Inc.)
Polda II (HKLM-x32\...\Polda II_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.4.14.0 - 2BrightSparks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-03-04] (Advanced Micro Devices Inc.)
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.15.226.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-16] (Microsoft Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-02-05] (HP Inc.)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6 [2022-01-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-10-18] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.13.85.0_x64__v10z8vjag6ke6 [2022-01-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-01-23] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-14] (Microsoft Studios) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-11-08] (Random Salad Games LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-763118441-806889825-3821141486-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Elisk\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-01-05 17:49 - 2022-01-05 17:49 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\sharepoint.com -> hxxps://upolomouc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2021-11-02 18:15 - 000002480 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site

2021-04-29 12:09 - 2021-04-29 12:09 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-763118441-806889825-3821141486-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "EzTiltPenSrvc"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0605002-A4FF-47D5-8F18-6124BB7BC65F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{9D111252-2FBD-4251-80A9-EE5B20184480}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{CEB78B7E-A0B1-463A-9E72-FC3D06E25132}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4B026E66-F2BF-4969-8A5D-4231BE27BDE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{286FFC4E-B214-4171-BF0A-C81BDC4EF305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B4C65368-90FD-4EC5-A98F-56B5ED4AF625}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC4D8A34-9F81-470F-9D1C-47DE7154B968}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B6B99DA0-3F85-4AA3-88C9-466CD14AF8EA}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6AF51994-28CC-4CE5-B403-6149173BB687}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A14D1D2A-49DC-4C9B-B5E1-EAD314FD616C}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{B46C0F77-E6CC-46EE-A6D9-743BE4BD53FE}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{55169A24-43A0-4BD0-B0D1-0C56F447A6A1}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F1F9044F-A7E4-4D54-82D6-5AC4550C6E87}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{76A92F53-22B2-4B90-89F2-6718D72F8C7D}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5F937B88-AC40-4896-B92B-7D4B2BD84E58}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{29F368D2-411A-460A-B028-66CD55C41632}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D7E2637B-C923-4C32-830B-98AD26F91190}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A733F354-0708-477D-925A-BCBD3033C51D}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B1DD49D-498F-450F-B9BB-FB6BD92AFDD6}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3944EF4B-92E0-4567-8212-B937EF51FDFB}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{E292DD04-FCD4-4FB3-8D7A-CEBD43521BA5}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{D78B2097-1F62-4B42-BF8F-07DDF653E1E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1FB31EC-7A7C-4F17-B53D-259F00268EB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0479DD8-1436-4196-A782-836928D26C49}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{F58C83D3-0115-4789-AC3B-606200301CA0}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{B35E48C0-636A-44A4-9D24-E4ED67209262}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{381CB7D4-B56F-47A0-8381-8FE2C6621D30}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{72DEAA74-8E33-49D0-8269-5080D18D6DA3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5597608-3160-43A8-9ED8-CDBF2F1EAEE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15830CE5-5218-4A56-845D-A1C1919256E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F6DA089-5FB2-4351-9AED-33A7173213B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3984893-D5BE-47AC-AAC7-B2CA6577A76A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ED9D991-AEA1-4DC0-8C85-4C2655CD05B9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{358F9B7C-9BB2-4BBE-9691-AD0F8372BC21}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC0E8192-75AC-4ACC-88DC-9BBD869C27BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5667D6E8-F2A8-480B-A7CF-8C813730D057}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9195C0EC-F7A7-4281-9D1D-ECA26513A7B7}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{33D0C193-E1BC-4078-9C5D-2A86C5D4C440}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{95DC98F6-7153-4F92-8911-82A9424F01CF}] => (Allow) C:\Users\Elisk\AppData\Local\Programs\Opera\83.0.4254.27\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

28-01-2022 13:36:13 zoek.exe restore point
28-01-2022 13:59:08 JRT Pre-Junkware Removal
28-01-2022 14:04:42 AdwCleaner_BeforeCleaning_28/01/2022_14:04:42

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/28/2022 01:59:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: StartMenuExperienceHost.exe, verze: 0.0.0.0, časové razítko: 0x4fe0bcb3
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1466, časové razítko: 0xe01c7650
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b362
ID chybujícího procesu: 0x256c
Čas spuštění chybující aplikace: 0x01d81446e06e6520
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 0c2aa1c3-e8c3-4171-9121-17d7e2778f66
Úplný název chybujícího balíčku: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App

Error: (01/28/2022 01:56:33 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/28/2022 01:56:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/28/2022 01:33:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/28/2022 01:19:53 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(78ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Realtek Bluetooth Device Manager Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sound Research SECOMN Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Storage Middleware Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP System Info HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/28/2022 02:04:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnhService byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2022-01-28 14:11:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:51:38
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:51:37
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:50:44
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:49:59
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4
Event[0]:

Date: 2021-08-26 22:44:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Zálohování
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.347.314.0;1.347.314.0
Verze modulu: 1.1.18400.5

Date: 2021-08-26 22:44:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80004004
Popis chyby: Operace přerušena
Verze bezpečnostních informací: 1.347.449.0;1.347.449.0
Verze modulu: 1.1.18400.5

CodeIntegrity:
===============
Date: 2022-01-28 12:28:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-01-28 12:24:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.19 12/26/2019
Motherboard: HP 85DE
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 60%
Total physical RAM: 6018.2 MB
Available physical RAM: 2388.41 MB
Total Virtual: 10882.2 MB
Available Virtual: 6783.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.19 GB) (Free:178.23 GB) (Protected) NTFS

\\?\Volume{f7827af1-f20f-4344-8a8d-87261c2b95d3}\ () (Fixed) (Total:0.48 GB) (Free:0.03 GB) NTFS
\\?\Volume{efb534da-5cb6-41d6-9d28-b0320ed690bb}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Poshukach

Napsal: 28 led 2022 14:50
od Rudy
Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Poshukach

Napsal: 31 led 2022 21:02
od sok1
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-31-2022
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4326 octets] - [28/01/2022 13:16:14]
AdwCleaner[C00].txt - [2009 octets] - [28/01/2022 13:16:31]
AdwCleaner[S01].txt - [3923 octets] - [28/01/2022 13:17:36]
AdwCleaner[S02].txt - [3984 octets] - [28/01/2022 13:21:24]
AdwCleaner[S03].txt - [4045 octets] - [28/01/2022 13:27:07]
AdwCleaner[C03].txt - [4493 octets] - [28/01/2022 13:27:44]
AdwCleaner[S04].txt - [1842 octets] - [28/01/2022 13:31:58]
AdwCleaner[C04].txt - [2235 octets] - [28/01/2022 13:32:04]
AdwCleaner[S05].txt - [2061 octets] - [28/01/2022 14:04:37]
AdwCleaner[C05].txt - [2275 octets] - [28/01/2022 14:04:54]
AdwCleaner[S06].txt - [2183 octets] - [31/01/2022 21:00:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C06].txt ##########

Re: Poshukach

Napsal: 31 led 2022 21:03
od sok1
Pořád tam je.

Re: Poshukach

Napsal: 31 led 2022 21:51
od Rudy
Dejte nové logy FRST+Addition.

Re: Poshukach

Napsal: 01 úno 2022 12:37
od sok1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Elisk (administrator) on DESKTOP-C29UHKI (HP HP ENVY x360 Convertible 13-ar0xxx) (01-02-2022 12:31:49)
Running from C:\Users\Elisk\Desktop
Loaded Profiles: Elisk
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\BridgeCommunication.exe <2>
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe <2>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe [1211696 2021-02-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Elisk\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-14] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {109B5047-B3E3-426E-A9B7-7A9749716854} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {2CED0F94-7C65-4DB7-97AD-995DE4BC66F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3165135B-2B53-43DF-A33A-69837C174697} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
Task: {36BA328C-AC66-4801-86D0-A29C195D22D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3DDAAD28-CF7A-48EF-9E96-C44ED5D82474} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4191328 2021-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {44FA9334-67A2-4698-82FB-8A74D41825AE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C24E33B-0831-487F-A883-F20266D755DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-01-20] (HP Inc. -> HP Inc.)
Task: {50800969-57D1-463A-AD3E-22E215382294} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {568B7D7D-0A11-4AF7-ADBB-BAE000D5738C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1613720 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {67D2A29E-6C16-46DC-98DC-6CABF4AF13DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {710FEE0C-1CCA-4935-88A7-8F5D363FEB34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {754BADA9-DD58-465A-A264-95D275CF1100} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {7C118297-A4DB-4B77-9DA7-C976FA15A666} - \StartDVR -> No File <==== ATTENTION
Task: {82072FFC-2DF4-41E5-B537-F13C71506E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
Task: {84E7760F-794D-4EEF-BA50-6AE25B39BAE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90014BBC-F7CF-422F-8CD6-D024286C5A82} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3B363B1-6580-4121-B388-A2D36CF8581A} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A8EDBA35-834E-4D97-A010-964889D9813C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF22DA64-D38E-4E38-84DB-C746133FAA79} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB332E74-7A32-4A03-8F4B-E9D095F0DB04} - \StartCN -> No File <==== ATTENTION
Task: {BF6576D4-97EA-4B86-A74E-9DE550000F5F} - System32\Tasks\Opera scheduled Autoupdate 1643205912 => C:\Users\Elisk\AppData\Local\Programs\Opera\launcher.exe [2333904 2022-01-26] (Opera Software AS -> Opera Software)
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Task: {CBFF089A-6A36-4489-8E80-FCE9FEF97EED} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {EDF37DA1-0AD5-43F8-8573-0BAD76F9EC08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE0A20C1-B34E-4134-8846-8BDDAFA476A7} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4e21c260-7345-468f-9d68-20031fc98be6}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{aba4634f-7fd8-4923-9e41-8889ecfb12dd}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Elisk\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default [2022-01-31]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://sizeer.cz; hxxps://www.bezvasport.cz; hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Default -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR Extension: (Prezentace) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Dokumenty) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Disk Google) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Tabulky) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-21]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-28]
CHR HomePage: Profile 1 -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Profile 1 -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR DefaultSearchURL: Profile 1 -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Profile 1 -> Poshukach Engin Search
CHR DefaultSuggestURL: Profile 1 -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Dokumenty) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Disk Google) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Tabulky) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-05]

Opera:
=======
OPR Profile: C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable [2022-01-28]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe [757280 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe [755184 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe [752120 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe [755192 2021-12-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-21] (HP Inc. -> HP Inc.)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-02-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2562776 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481312 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2021-01-02] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-01 12:31 - 2022-02-01 12:31 - 000000000 ____D C:\Users\Elisk\Desktop\FRST-OlderVersion
2022-01-28 17:34 - 2022-01-28 17:34 - 000401127 _____ C:\Users\Elisk\Downloads\UPRV_sdělení dg.pptx
2022-01-28 16:40 - 2022-01-28 16:40 - 000010129 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (11).pdf
2022-01-28 14:32 - 2022-01-28 14:32 - 000009886 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (10).pdf
2022-01-28 14:26 - 2022-01-28 14:26 - 000008547 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (9).pdf
2022-01-28 14:24 - 2022-01-28 14:24 - 000000000 ____D C:\Users\Elisk\AppData\Local\VirtualStore
2022-01-28 14:11 - 2022-01-28 14:12 - 000040781 _____ C:\Users\Elisk\Desktop\Addition.txt
2022-01-28 14:09 - 2022-02-01 12:32 - 000023198 _____ C:\Users\Elisk\Desktop\FRST.txt
2022-01-28 14:09 - 2022-02-01 12:32 - 000000000 ____D C:\FRST
2022-01-28 14:05 - 2022-01-28 14:05 - 000002275 _____ C:\Users\Elisk\Desktop\AdwCleaner[C05].txt
2022-01-28 14:03 - 2022-02-01 12:31 - 002311680 _____ (Farbar) C:\Users\Elisk\Desktop\FRST64.exe
2022-01-28 14:00 - 2022-01-28 14:00 - 000000871 _____ C:\Users\Elisk\Desktop\JRT.txt
2022-01-28 13:59 - 2022-01-28 13:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\CrashDumps
2022-01-28 13:58 - 2022-01-28 13:58 - 000150737 _____ C:\Users\Elisk\Desktop\zoek-results.txt
2022-01-28 13:55 - 2022-01-28 13:35 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-01-28 13:38 - 2022-01-28 13:38 - 001790024 _____ (Malwarebytes) C:\Users\Elisk\Desktop\JRT.exe
2022-01-28 13:35 - 2022-01-28 13:48 - 000000000 ____D C:\zoek_backup
2022-01-28 13:35 - 2015-09-23 17:00 - 001308672 _____ C:\Users\Elisk\Desktop\zoek.exe
2022-01-28 13:29 - 2022-01-28 13:29 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Desktop\AdwCleaner.exe
2022-01-28 13:15 - 2022-01-28 13:16 - 000000000 ____D C:\AdwCleaner
2022-01-28 13:15 - 2022-01-28 13:15 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Downloads\adwcleaner_8.3.1.exe
2022-01-28 13:03 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\LocalLow\uTorrent
2022-01-28 12:15 - 2022-01-28 12:15 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (8).pdf
2022-01-28 12:11 - 2022-01-28 12:11 - 000009885 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (7).pdf
2022-01-27 12:16 - 2022-01-27 12:16 - 000008419 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (6).pdf
2022-01-27 12:11 - 2022-01-27 12:11 - 000015171 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (5).pdf
2022-01-27 12:07 - 2022-01-27 12:08 - 000015168 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (4).pdf
2022-01-27 12:07 - 2022-01-27 12:07 - 000015165 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (3).pdf
2022-01-27 11:43 - 2022-01-27 11:43 - 000009888 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (2).pdf
2022-01-27 11:42 - 2022-01-27 11:42 - 000009884 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (1).pdf
2022-01-27 11:38 - 2022-01-27 11:38 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp.pdf
2022-01-26 16:18 - 2022-01-26 16:18 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách (1).pptx
2022-01-26 15:07 - 2022-01-26 15:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2022-01-26 15:05 - 2022-01-28 13:19 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-26 15:05 - 2022-01-28 12:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\Lavasoft
2022-01-26 15:05 - 2022-01-26 15:05 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1643205912
2022-01-26 15:05 - 2022-01-26 15:05 - 000001416 _____ C:\Users\Elisk\Desktop\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000001406 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000000000 ____D C:\Users\Elisk\AppData\Local\Opera Software
2022-01-26 15:04 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\BitTorrentHelper
2022-01-26 15:04 - 2022-01-26 15:04 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2022-01-26 15:03 - 2022-01-26 15:03 - 000000903 _____ C:\Users\Elisk\Desktop\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000883 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Opera Software
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\UT008
2022-01-26 15:02 - 2022-01-26 15:03 - 005353128 _____ (BitTorrent Inc.) C:\Users\Elisk\Downloads\uTorrent.exe
2022-01-25 21:57 - 2022-01-25 21:57 - 000051019 _____ C:\Users\Elisk\Downloads\faktura_202200105.pdf
2022-01-24 22:04 - 2022-01-24 22:04 - 020952536 _____ C:\Users\Elisk\Downloads\Photos (1).zip
2022-01-24 22:03 - 2022-01-24 22:03 - 020952536 _____ C:\Users\Elisk\Downloads\Photos.zip
2022-01-21 12:11 - 2022-01-21 12:11 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách.pptx
2022-01-21 12:08 - 2022-01-21 12:08 - 001960060 _____ C:\Users\Elisk\Downloads\komunikační partneři poradenského pracovníka.pptx
2022-01-21 11:56 - 2022-01-21 11:56 - 000063522 _____ C:\Users\Elisk\Downloads\osobnost poradce.pptx
2022-01-21 11:47 - 2022-01-21 11:47 - 000606780 _____ C:\Users\Elisk\Downloads\Podpůrná opatření.pdf
2022-01-21 11:21 - 2022-01-21 11:21 - 000186124 _____ C:\Users\Elisk\Downloads\PO 1 stupeň.pptx
2022-01-20 22:23 - 2022-01-20 22:23 - 000088882 _____ C:\Users\Elisk\Desktop\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-20 22:21 - 2022-01-20 22:22 - 000088882 _____ C:\Users\Elisk\Downloads\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-19 15:32 - 2022-01-19 15:32 - 000046874 _____ C:\Users\Elisk\Downloads\fáze poradenského procesu.pptx
2022-01-19 15:25 - 2022-01-19 15:25 - 000412302 _____ C:\Users\Elisk\Downloads\SP_charakteristika postižení a dopady do vzdělávání.pdf
2022-01-17 18:02 - 2022-01-17 18:02 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-17 17:55 - 2022-01-17 17:55 - 000000000 ___HD C:\$WinREAgent
2022-01-17 15:57 - 2022-01-17 15:57 - 000038400 _____ C:\Users\Elisk\Downloads\faktura VZOR.xls
2022-01-16 17:54 - 2022-01-16 17:54 - 000053878 _____ C:\Users\Elisk\Downloads\faktura_202200104.pdf
2022-01-16 17:42 - 2022-01-16 17:42 - 000053836 _____ C:\Users\Elisk\Downloads\faktura_4 (4).pdf
2022-01-16 17:41 - 2022-01-16 17:41 - 000053199 _____ C:\Users\Elisk\Downloads\faktura_4 (3).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (2).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (1).pdf
2022-01-16 16:53 - 2022-01-16 16:53 - 000053154 _____ C:\Users\Elisk\Downloads\faktura_4.pdf
2022-01-13 15:03 - 2022-01-13 15:03 - 015708567 _____ C:\Users\Elisk\Downloads\10-31 (1).pdf
2022-01-12 20:42 - 2022-01-12 20:42 - 001898412 _____ C:\WINDOWS\Minidump\011222-28750-01.dmp
2022-01-11 17:33 - 2022-01-11 17:33 - 002471628 _____ C:\WINDOWS\Minidump\011122-10843-01.dmp
2022-01-05 20:37 - 2022-01-24 22:47 - 000000000 ____D C:\Users\Elisk\Desktop\dřevo s láskou
2022-01-05 17:53 - 2022-01-05 18:08 - 000000000 ____D C:\Users\Elisk\AppData\Local\UnravelTwo
2022-01-05 17:51 - 2022-01-05 17:52 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-01-05 17:49 - 2022-01-22 17:08 - 000000000 ____D C:\Program Files (x86)\Origin
2022-01-05 17:49 - 2022-01-05 17:49 - 000001069 _____ C:\Users\Public\Desktop\Origin.lnk
2022-01-05 17:49 - 2022-01-05 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\ProgramData\Origin
2022-01-05 17:46 - 2022-01-26 14:31 - 000000000 ____D C:\Users\Elisk\AppData\Local\Origin
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.QtWebEngineProcess
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.Origin
2022-01-05 16:40 - 2022-01-05 16:40 - 000000012 _____ C:\Users\Elisk\Desktop\STEAM.txt
2022-01-05 14:31 - 2022-01-25 21:58 - 000000000 ____D C:\Users\Elisk\Desktop\Faktury

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-01 12:33 - 2021-02-05 17:03 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2022-02-01 12:32 - 2021-07-11 12:30 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{535E2AA2-D2C5-49F0-A079-DA6631CF4B82}
2022-02-01 12:31 - 2020-01-04 20:40 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-02-01 12:30 - 2021-02-05 17:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-01 12:30 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-01 12:29 - 2021-02-19 18:43 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-02-01 12:29 - 2021-02-05 18:07 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-31 21:02 - 2021-02-05 17:03 - 000000000 ____D C:\ProgramData\HP
2022-01-31 20:56 - 2021-02-05 17:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-31 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-28 17:44 - 2021-02-08 21:44 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-28 17:44 - 2021-02-08 21:44 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-28 17:44 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-28 17:32 - 2021-02-05 17:41 - 000000000 ____D C:\Users\Elisk\AppData\Local\PlaceholderTileLogoFolder
2022-01-28 14:46 - 2021-10-22 07:30 - 000001332 _____ C:\Users\Elisk\Desktop\MGR. Speciální pedagogika - poradenství.lnk
2022-01-28 14:03 - 2021-02-05 17:15 - 001605802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-28 14:03 - 2019-12-07 15:41 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-28 14:03 - 2019-12-07 15:41 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-28 14:03 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-28 13:56 - 2021-02-05 17:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-01-28 13:56 - 2021-02-05 17:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-28 13:56 - 2021-02-05 17:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-28 13:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-28 13:56 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-28 13:55 - 2021-02-05 17:38 - 000000000 ____D C:\Users\Elisk\AppData\Local\D3DSCache
2022-01-28 13:33 - 2021-02-05 17:02 - 000542584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-28 13:27 - 2021-02-05 17:57 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Hewlett-Packard
2022-01-28 13:27 - 2019-05-14 03:38 - 000000000 ____D C:\Program Files (x86)\HP
2022-01-28 13:27 - 2019-04-26 21:22 - 000000000 ___HD C:\hp
2022-01-28 13:01 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk\AppData\Local\Packages
2022-01-28 12:45 - 2021-02-05 17:54 - 000000000 ____D C:\Users\Elisk\AppData\Local\TeamViewer
2022-01-28 12:23 - 2021-10-18 17:27 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-28 12:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-28 12:10 - 2021-02-19 17:23 - 000000000 ____D C:\Steam
2022-01-28 07:41 - 2021-12-13 09:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001
2022-01-28 07:41 - 2021-10-09 20:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-28 07:41 - 2021-10-09 20:00 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-28 07:38 - 2021-02-08 21:43 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-28 07:38 - 2021-02-08 21:43 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-26 16:00 - 2019-04-15 16:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-26 15:07 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-22 17:29 - 2021-02-05 17:44 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-22 17:29 - 2021-02-05 17:44 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 22:01 - 2021-02-05 17:46 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-20 22:01 - 2021-02-05 17:46 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-19 10:47 - 2021-02-19 18:32 - 000000000 ____D C:\Users\Elisk\AppData\Local\AMD_Common
2022-01-17 20:33 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk
2022-01-17 18:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-17 17:55 - 2021-02-05 22:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-17 17:53 - 2021-02-05 22:34 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-14 17:06 - 2019-05-14 03:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2022-01-14 10:06 - 2021-02-05 18:20 - 000002371 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-01-12 20:42 - 2021-10-22 13:03 - 846670662 _____ C:\WINDOWS\MEMORY.DMP
2022-01-12 20:42 - 2021-10-22 13:03 - 000000000 ____D C:\WINDOWS\Minidump

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Elisk (01-02-2022 12:33:36)
Running from C:\Users\Elisk\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2021-02-05 16:12:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-763118441-806889825-3821141486-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-763118441-806889825-3821141486-503 - Limited - Disabled)
Elisk (S-1-5-21-763118441-806889825-3821141486-1001 - Administrator - Enabled) => C:\Users\Elisk
Guest (S-1-5-21-763118441-806889825-3821141486-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763118441-806889825-3821141486-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\uTorrent) (Version: 3.5.5.46148 - BitTorrent Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{40c19864-e557-4855-95ee-075689dfcf8e}) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.) Hidden
Aplikácie Microsoft 365 pre veľké organizácie - sk-sk (HKLM\...\O365ProPlusRetail - sk-sk) (Version: 16.0.14729.20260 - Microsoft Corporation)
Branding64 (HKLM\...\{7659552A-136F-4615-A9FA-3E3EF2CCA77C}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Creaks (HKLM-x32\...\1623513243_is1) (Version: 1.0 - GOG.com)
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Happy Game (HKLM-x32\...\Happy Game_is1) (Version: - )
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 83.0.4254.27 (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Opera 83.0.4254.27) (Version: 83.0.4254.27 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.110.50000 - Electronic Arts, Inc.)
Polda II (HKLM-x32\...\Polda II_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.4.14.0 - 2BrightSparks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-03-04] (Advanced Micro Devices Inc.)
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.15.226.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-16] (Microsoft Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-02-05] (HP Inc.)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6 [2022-01-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-10-18] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.13.85.0_x64__v10z8vjag6ke6 [2022-01-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-01-23] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-14] (Microsoft Studios) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-11-08] (Random Salad Games LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-763118441-806889825-3821141486-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Elisk\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-07-06 12:48 - 2020-07-06 12:48 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2022-01-14 15:55 - 2022-01-14 15:55 - 029770240 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\HpSystemManagement.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\sharepoint.com -> hxxps://upolomouc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2021-11-02 18:15 - 000002480 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site

2021-04-29 12:09 - 2021-04-29 12:09 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-763118441-806889825-3821141486-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "EzTiltPenSrvc"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0605002-A4FF-47D5-8F18-6124BB7BC65F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{9D111252-2FBD-4251-80A9-EE5B20184480}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{CEB78B7E-A0B1-463A-9E72-FC3D06E25132}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4B026E66-F2BF-4969-8A5D-4231BE27BDE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{286FFC4E-B214-4171-BF0A-C81BDC4EF305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B4C65368-90FD-4EC5-A98F-56B5ED4AF625}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC4D8A34-9F81-470F-9D1C-47DE7154B968}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B6B99DA0-3F85-4AA3-88C9-466CD14AF8EA}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6AF51994-28CC-4CE5-B403-6149173BB687}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A14D1D2A-49DC-4C9B-B5E1-EAD314FD616C}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{B46C0F77-E6CC-46EE-A6D9-743BE4BD53FE}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{55169A24-43A0-4BD0-B0D1-0C56F447A6A1}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F1F9044F-A7E4-4D54-82D6-5AC4550C6E87}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{76A92F53-22B2-4B90-89F2-6718D72F8C7D}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5F937B88-AC40-4896-B92B-7D4B2BD84E58}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{29F368D2-411A-460A-B028-66CD55C41632}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D7E2637B-C923-4C32-830B-98AD26F91190}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A733F354-0708-477D-925A-BCBD3033C51D}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B1DD49D-498F-450F-B9BB-FB6BD92AFDD6}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3944EF4B-92E0-4567-8212-B937EF51FDFB}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{E292DD04-FCD4-4FB3-8D7A-CEBD43521BA5}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{D78B2097-1F62-4B42-BF8F-07DDF653E1E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1FB31EC-7A7C-4F17-B53D-259F00268EB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0479DD8-1436-4196-A782-836928D26C49}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{F58C83D3-0115-4789-AC3B-606200301CA0}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{B35E48C0-636A-44A4-9D24-E4ED67209262}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{381CB7D4-B56F-47A0-8381-8FE2C6621D30}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{72DEAA74-8E33-49D0-8269-5080D18D6DA3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5597608-3160-43A8-9ED8-CDBF2F1EAEE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15830CE5-5218-4A56-845D-A1C1919256E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F6DA089-5FB2-4351-9AED-33A7173213B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3984893-D5BE-47AC-AAC7-B2CA6577A76A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ED9D991-AEA1-4DC0-8C85-4C2655CD05B9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{358F9B7C-9BB2-4BBE-9691-AD0F8372BC21}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC0E8192-75AC-4ACC-88DC-9BBD869C27BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9195C0EC-F7A7-4281-9D1D-ECA26513A7B7}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{33D0C193-E1BC-4078-9C5D-2A86C5D4C440}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{95DC98F6-7153-4F92-8911-82A9424F01CF}] => (Allow) C:\Users\Elisk\AppData\Local\Programs\Opera\83.0.4254.27\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4003C28A-2311-4463-A57A-90516629C706}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-01-2022 13:36:13 zoek.exe restore point
28-01-2022 13:59:08 JRT Pre-Junkware Removal
28-01-2022 14:04:42 AdwCleaner_BeforeCleaning_28/01/2022_14:04:42
31-01-2022 21:01:20 AdwCleaner_BeforeCleaning_31/01/2022_21:01:19

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/31/2022 05:26:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2022 05:23:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: DESKTOP-C29UHKI)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878

Error: (01/28/2022 01:59:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: StartMenuExperienceHost.exe, verze: 0.0.0.0, časové razítko: 0x4fe0bcb3
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1466, časové razítko: 0xe01c7650
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b362
ID chybujícího procesu: 0x256c
Čas spuštění chybující aplikace: 0x01d81446e06e6520
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 0c2aa1c3-e8c3-4171-9121-17d7e2778f66
Úplný název chybujícího balíčku: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App

Error: (01/28/2022 01:56:33 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/28/2022 01:56:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP System Info HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Diagnostics HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Network HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP App Helper HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (01/31/2022 09:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (01/28/2022 08:18:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-C29UHKI)
Description: Server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2022-02-01 12:33:21
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2814.0, AS: 1.355.2814.0, NIS: 1.355.2814.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 14:11:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:51:38
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:51:37
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 13:50:44
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\AppData\Local\Temp\PEVZ.EXE
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

CodeIntegrity:
===============
Date: 2022-01-28 12:28:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-01-28 12:24:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.19 12/26/2019
Motherboard: HP 85DE
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 64%
Total physical RAM: 6018.2 MB
Available physical RAM: 2164.6 MB
Total Virtual: 10882.2 MB
Available Virtual: 5496.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.19 GB) (Free:177.19 GB) (Protected) NTFS

\\?\Volume{f7827af1-f20f-4344-8a8d-87261c2b95d3}\ () (Fixed) (Total:0.48 GB) (Free:0.03 GB) NTFS
\\?\Volume{efb534da-5cb6-41d6-9d28-b0320ed690bb}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Poshukach

Napsal: 01 úno 2022 14:08
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {105D676A-D551-4274-81E7-97AC52E4FD87} - \Microsoft\Windows\Speech\HeadsetButtonPress -> No File <==== ATTENTION
Task: {1949073A-8FDA-4EA4-8E59-407CDB02440F} - \Microsoft\Windows\WindowsUpdate\sihpostreboot -> No File <==== ATTENTION
Task: {3165135B-2B53-43DF-A33A-69837C174697} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
Task: {7C118297-A4DB-4B77-9DA7-C976FA15A666} - \StartDVR -> No File <==== ATTENTION
Task: {82072FFC-2DF4-41E5-B537-F13C71506E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-05] (Google LLC -> Google LLC)
ask: {BB332E74-7A32-4A03-8F4B-E9D095F0DB04} - \StartCN -> No File <==== ATTENTION
Task: {CBFB6BE6-9828-4121-A91C-8ADE8B6B1C36} - \Microsoft\Windows\Management\Provisioning\PostResetBoot -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Default -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR HomePage: Profile 1 -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Profile 1 -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR DefaultSearchURL: Profile 1 -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Profile 1 -> Poshukach Engin Search
U3 aspnet_state; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{E0605002-A4FF-47D5-8F18-6124BB7BC65F}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{9D111252-2FBD-4251-80A9-EE5B20184480}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{B6B99DA0-3F85-4AA3-88C9-466CD14AF8EA}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{6AF51994-28CC-4CE5-B403-6149173BB687}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A14D1D2A-49DC-4C9B-B5E1-EAD314FD616C}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{B46C0F77-E6CC-46EE-A6D9-743BE4BD53FE}] => (Allow) C:\Eliška\Ostatní\steam\znova!!\Steam.exe => No File
FirewallRules: [{C0479DD8-1436-4196-A782-836928D26C49}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{F58C83D3-0115-4789-AC3B-606200301CA0}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe => No File
FirewallRules: [{B35E48C0-636A-44A4-9D24-E4ED67209262}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{381CB7D4-B56F-47A0-8381-8FE2C6621D30}] => (Allow) C:\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe => No File
FirewallRules: [{9195C0EC-F7A7-4281-9D1D-ECA26513A7B7}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{33D0C193-E1BC-4078-9C5D-2A86C5D4C440}] => (Allow) C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe => No File

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Poshukach

Napsal: 02 úno 2022 15:51
od sok1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-01-2022
Ran by Elisk (administrator) on DESKTOP-C29UHKI (HP HP ENVY x360 Convertible 13-ar0xxx) (02-02-2022 15:40:32)
Running from C:\Users\Elisk\Desktop
Loaded Profiles: Elisk
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361132.inf_amd64_4863ccf4c1b997c9\B361196\atiesrxx.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\HpSystemManagement.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\Win32Process\HPCC.Bg.BackgroundApp.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ef0d14a478b232f4\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe <2>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7b66b6662cf6d72b\RtkAudUService64.exe [1211696 2021-02-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EzTiltPenSrvc] => C:\Program Files\ELAN\EzTiltPen\EzTiltPenAgent.exe [238280 2019-04-22] (ELAN Microelectronics Corporation -> ELAN) [File not signed]
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Elisk\AppData\Local\Microsoft\Teams\Update.exe [2459304 2022-01-14] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B4F5C3-3892-4249-8EFD-BEDE0C2A63F1} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {109B5047-B3E3-426E-A9B7-7A9749716854} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CED0F94-7C65-4DB7-97AD-995DE4BC66F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36BA328C-AC66-4801-86D0-A29C195D22D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {44FA9334-67A2-4698-82FB-8A74D41825AE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C24E33B-0831-487F-A883-F20266D755DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-01-20] (HP Inc. -> HP Inc.)
Task: {50800969-57D1-463A-AD3E-22E215382294} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {568B7D7D-0A11-4AF7-ADBB-BAE000D5738C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1613720 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {67D2A29E-6C16-46DC-98DC-6CABF4AF13DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {710FEE0C-1CCA-4935-88A7-8F5D363FEB34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {754BADA9-DD58-465A-A264-95D275CF1100} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {84E7760F-794D-4EEF-BA50-6AE25B39BAE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90014BBC-F7CF-422F-8CD6-D024286C5A82} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8EDBA35-834E-4D97-A010-964889D9813C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF22DA64-D38E-4E38-84DB-C746133FAA79} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB332E74-7A32-4A03-8F4B-E9D095F0DB04} - \StartCN -> No File <==== ATTENTION
Task: {BF6576D4-97EA-4B86-A74E-9DE550000F5F} - System32\Tasks\Opera scheduled Autoupdate 1643205912 => C:\Users\Elisk\AppData\Local\Programs\Opera\launcher.exe [2333904 2022-01-26] (Opera Software AS -> Opera Software)
Task: {CBFF089A-6A36-4489-8E80-FCE9FEF97EED} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {D79FFA3E-D807-41D3-8460-021F43911D79} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4191328 2021-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {E81BFFBE-F505-4789-89C1-5A47103A93ED} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EDF37DA1-0AD5-43F8-8573-0BAD76F9EC08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{4e21c260-7345-468f-9d68-20031fc98be6}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{aba4634f-7fd8-4923-9e41-8889ecfb12dd}: [DhcpNameServer] 172.168.0.7

Edge:
=======
Edge Profile: C:\Users\Elisk\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default [2022-02-02]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://sizeer.cz; hxxps://www.bezvasport.cz; hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Docs) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Google Drive) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Sheets) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-02]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-02-02]
CHR DefaultSuggestURL: Profile 1 -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-05]
CHR Extension: (Dokumenty) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-05]
CHR Extension: (Disk Google) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-05]
CHR Extension: (YouTube) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-05]
CHR Extension: (Tabulky) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR Profile: C:\Users\Elisk\AppData\Local\Google\Chrome\User Data\System Profile [2022-02-02]

Opera:
=======
OPR Profile: C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable [2022-02-02]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Elisk\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\AppHelperCap.exe [757280 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\DiagsCap.exe [755184 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\NetworkCap.exe [752120 2021-12-02] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_6838598e8963231b\x64\SysInfoCap.exe [755192 2021-12-02] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_54a828a51f6769c8\x64\TouchpointAnalyticsClientService.exe [494672 2021-11-21] (HP Inc. -> HP Inc.)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-02-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2562776 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3481312 2022-01-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13036464 2022-01-24] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [50616 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [60448 2021-11-24] (WDKTestCert VssAdministrator,132811656475919983 -> HP)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2021-01-02] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [37280 2021-11-23] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-02 15:32 - 2022-02-02 15:32 - 000011557 _____ C:\Users\Elisk\Desktop\Fixlog.txt
2022-02-01 12:35 - 2022-02-01 12:35 - 000000000 ____D C:\Users\Elisk\AppData\Local\cache
2022-01-28 17:34 - 2022-01-28 17:34 - 000401127 _____ C:\Users\Elisk\Downloads\UPRV_sdělení dg.pptx
2022-01-28 16:40 - 2022-01-28 16:40 - 000010129 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (11).pdf
2022-01-28 14:32 - 2022-01-28 14:32 - 000009886 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (10).pdf
2022-01-28 14:26 - 2022-01-28 14:26 - 000008547 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (9).pdf
2022-01-28 14:24 - 2022-01-28 14:24 - 000000000 ____D C:\Users\Elisk\AppData\Local\VirtualStore
2022-01-28 14:11 - 2022-02-01 12:34 - 000042658 _____ C:\Users\Elisk\Desktop\Addition.txt
2022-01-28 14:09 - 2022-02-02 15:41 - 000021612 _____ C:\Users\Elisk\Desktop\FRST.txt
2022-01-28 14:09 - 2022-02-02 15:40 - 000000000 ____D C:\FRST
2022-01-28 14:05 - 2022-01-28 14:05 - 000002275 _____ C:\Users\Elisk\Desktop\AdwCleaner[C05].txt
2022-01-28 14:03 - 2022-02-01 12:31 - 002311680 _____ (Farbar) C:\Users\Elisk\Desktop\FRST64.exe
2022-01-28 14:00 - 2022-01-28 14:00 - 000000871 _____ C:\Users\Elisk\Desktop\JRT.txt
2022-01-28 13:59 - 2022-01-28 13:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\CrashDumps
2022-01-28 13:58 - 2022-01-28 13:58 - 000150737 _____ C:\Users\Elisk\Desktop\zoek-results.txt
2022-01-28 13:55 - 2022-01-28 13:35 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-01-28 13:38 - 2022-01-28 13:38 - 001790024 _____ (Malwarebytes) C:\Users\Elisk\Desktop\JRT.exe
2022-01-28 13:35 - 2022-01-28 13:48 - 000000000 ____D C:\zoek_backup
2022-01-28 13:35 - 2015-09-23 17:00 - 001308672 _____ C:\Users\Elisk\Desktop\zoek.exe
2022-01-28 13:29 - 2022-01-28 13:29 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Desktop\AdwCleaner.exe
2022-01-28 13:15 - 2022-01-28 13:16 - 000000000 ____D C:\AdwCleaner
2022-01-28 13:15 - 2022-01-28 13:15 - 008540344 _____ (Malwarebytes) C:\Users\Elisk\Downloads\adwcleaner_8.3.1.exe
2022-01-28 13:03 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\LocalLow\uTorrent
2022-01-28 12:15 - 2022-01-28 12:15 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (8).pdf
2022-01-28 12:11 - 2022-01-28 12:11 - 000009885 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (7).pdf
2022-01-27 12:16 - 2022-01-27 12:16 - 000008419 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (6).pdf
2022-01-27 12:11 - 2022-01-27 12:11 - 000015171 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (5).pdf
2022-01-27 12:07 - 2022-01-27 12:08 - 000015168 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (4).pdf
2022-01-27 12:07 - 2022-01-27 12:07 - 000015165 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (3).pdf
2022-01-27 11:43 - 2022-01-27 11:43 - 000009888 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (2).pdf
2022-01-27 11:42 - 2022-01-27 11:42 - 000009884 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp (1).pdf
2022-01-27 11:38 - 2022-01-27 11:38 - 000008444 _____ C:\Users\Elisk\Downloads\temata_vskp_-_podklady_pro_zadani_vskp.pdf
2022-01-26 16:18 - 2022-01-26 16:18 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách (1).pptx
2022-01-26 15:07 - 2022-01-26 15:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2022-01-26 15:05 - 2022-01-28 13:19 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-26 15:05 - 2022-01-28 12:59 - 000000000 ____D C:\Users\Elisk\AppData\Local\Lavasoft
2022-01-26 15:05 - 2022-01-26 15:05 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1643205912
2022-01-26 15:05 - 2022-01-26 15:05 - 000001416 _____ C:\Users\Elisk\Desktop\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000001406 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-01-26 15:05 - 2022-01-26 15:05 - 000000000 ____D C:\Users\Elisk\AppData\Local\Opera Software
2022-01-26 15:04 - 2022-01-28 13:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\BitTorrentHelper
2022-01-26 15:04 - 2022-01-26 15:04 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2022-01-26 15:03 - 2022-01-26 15:03 - 000000903 _____ C:\Users\Elisk\Desktop\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000883 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Opera Software
2022-01-26 15:03 - 2022-01-26 15:03 - 000000000 ____D C:\Users\Elisk\AppData\Local\UT008
2022-01-26 15:02 - 2022-01-26 15:03 - 005353128 _____ (BitTorrent Inc.) C:\Users\Elisk\Downloads\uTorrent.exe
2022-01-25 21:57 - 2022-01-25 21:57 - 000051019 _____ C:\Users\Elisk\Downloads\faktura_202200105.pdf
2022-01-24 22:04 - 2022-01-24 22:04 - 020952536 _____ C:\Users\Elisk\Downloads\Photos (1).zip
2022-01-24 22:03 - 2022-01-24 22:03 - 020952536 _____ C:\Users\Elisk\Downloads\Photos.zip
2022-01-21 12:11 - 2022-01-21 12:11 - 000054587 _____ C:\Users\Elisk\Downloads\zákon 108 o sociálních službách.pptx
2022-01-21 12:08 - 2022-01-21 12:08 - 001960060 _____ C:\Users\Elisk\Downloads\komunikační partneři poradenského pracovníka.pptx
2022-01-21 11:56 - 2022-01-21 11:56 - 000063522 _____ C:\Users\Elisk\Downloads\osobnost poradce.pptx
2022-01-21 11:47 - 2022-01-21 11:47 - 000606780 _____ C:\Users\Elisk\Downloads\Podpůrná opatření.pdf
2022-01-21 11:21 - 2022-01-21 11:21 - 000186124 _____ C:\Users\Elisk\Downloads\PO 1 stupeň.pptx
2022-01-20 22:23 - 2022-01-20 22:23 - 000088882 _____ C:\Users\Elisk\Desktop\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-20 22:21 - 2022-01-20 22:22 - 000088882 _____ C:\Users\Elisk\Downloads\slevomat-cz-voucher-4-pobyt-v-praze-jidlo-i-relax-ve-wellness-6182440040U-263.pdf
2022-01-19 15:32 - 2022-01-19 15:32 - 000046874 _____ C:\Users\Elisk\Downloads\fáze poradenského procesu.pptx
2022-01-19 15:25 - 2022-01-19 15:25 - 000412302 _____ C:\Users\Elisk\Downloads\SP_charakteristika postižení a dopady do vzdělávání.pdf
2022-01-17 18:02 - 2022-01-17 18:02 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-17 18:02 - 2022-01-17 18:02 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-17 17:55 - 2022-01-17 17:55 - 000000000 ___HD C:\$WinREAgent
2022-01-17 15:57 - 2022-01-17 15:57 - 000038400 _____ C:\Users\Elisk\Downloads\faktura VZOR.xls
2022-01-16 17:54 - 2022-01-16 17:54 - 000053878 _____ C:\Users\Elisk\Downloads\faktura_202200104.pdf
2022-01-16 17:42 - 2022-01-16 17:42 - 000053836 _____ C:\Users\Elisk\Downloads\faktura_4 (4).pdf
2022-01-16 17:41 - 2022-01-16 17:41 - 000053199 _____ C:\Users\Elisk\Downloads\faktura_4 (3).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (2).pdf
2022-01-16 17:40 - 2022-01-16 17:40 - 000053257 _____ C:\Users\Elisk\Downloads\faktura_4 (1).pdf
2022-01-16 16:53 - 2022-01-16 16:53 - 000053154 _____ C:\Users\Elisk\Downloads\faktura_4.pdf
2022-01-13 15:03 - 2022-01-13 15:03 - 015708567 _____ C:\Users\Elisk\Downloads\10-31 (1).pdf
2022-01-12 20:42 - 2022-01-12 20:42 - 001898412 _____ C:\WINDOWS\Minidump\011222-28750-01.dmp
2022-01-11 17:33 - 2022-01-11 17:33 - 002471628 _____ C:\WINDOWS\Minidump\011122-10843-01.dmp
2022-01-05 20:37 - 2022-01-24 22:47 - 000000000 ____D C:\Users\Elisk\Desktop\dřevo s láskou
2022-01-05 17:53 - 2022-01-05 18:08 - 000000000 ____D C:\Users\Elisk\AppData\Local\UnravelTwo
2022-01-05 17:51 - 2022-01-05 17:52 - 000000000 ____D C:\ProgramData\Electronic Arts
2022-01-05 17:49 - 2022-01-22 17:08 - 000000000 ____D C:\Program Files (x86)\Origin
2022-01-05 17:49 - 2022-01-05 17:49 - 000001069 _____ C:\Users\Public\Desktop\Origin.lnk
2022-01-05 17:49 - 2022-01-05 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Origin
2022-01-05 17:46 - 2022-01-26 14:58 - 000000000 ____D C:\ProgramData\Origin
2022-01-05 17:46 - 2022-01-26 14:31 - 000000000 ____D C:\Users\Elisk\AppData\Local\Origin
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.QtWebEngineProcess
2022-01-05 17:46 - 2022-01-05 17:46 - 000000000 ____D C:\Users\Elisk\.Origin
2022-01-05 16:40 - 2022-01-05 16:40 - 000000012 _____ C:\Users\Elisk\Desktop\STEAM.txt
2022-01-05 14:31 - 2022-01-25 21:58 - 000000000 ____D C:\Users\Elisk\Desktop\Faktury

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-02 15:42 - 2021-02-05 17:03 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2022-02-02 15:39 - 2021-02-05 17:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-02 15:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-02 15:37 - 2021-02-19 18:43 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-02-02 15:37 - 2021-02-05 18:07 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-02-02 15:37 - 2021-02-05 17:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-02-02 15:37 - 2021-02-05 17:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-02 15:37 - 2021-02-05 17:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-02 15:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-02 15:37 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-02-02 15:32 - 2021-02-17 18:50 - 000000000 ____D C:\Users\Elisk\AppData\LocalLow\Temp
2022-02-02 15:17 - 2021-02-05 17:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-02 13:15 - 2021-02-05 17:38 - 000000000 ____D C:\Users\Elisk\AppData\Local\D3DSCache
2022-02-02 13:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-02 12:54 - 2021-07-11 12:30 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{535E2AA2-D2C5-49F0-A079-DA6631CF4B82}
2022-02-01 12:31 - 2020-01-04 20:40 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-01-31 21:02 - 2021-02-05 17:03 - 000000000 ____D C:\ProgramData\HP
2022-01-28 17:44 - 2021-02-08 21:44 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-28 17:44 - 2021-02-08 21:44 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-28 17:44 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-28 17:32 - 2021-02-05 17:41 - 000000000 ____D C:\Users\Elisk\AppData\Local\PlaceholderTileLogoFolder
2022-01-28 14:46 - 2021-10-22 07:30 - 000001332 _____ C:\Users\Elisk\Desktop\MGR. Speciální pedagogika - poradenství.lnk
2022-01-28 14:03 - 2021-02-05 17:15 - 001605802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-28 14:03 - 2019-12-07 15:41 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-28 14:03 - 2019-12-07 15:41 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-28 14:03 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-28 13:33 - 2021-02-05 17:02 - 000542584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-28 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-28 13:27 - 2021-02-05 17:57 - 000000000 ____D C:\Users\Elisk\AppData\Roaming\Hewlett-Packard
2022-01-28 13:27 - 2019-05-14 03:38 - 000000000 ____D C:\Program Files (x86)\HP
2022-01-28 13:27 - 2019-04-26 21:22 - 000000000 ___HD C:\hp
2022-01-28 13:01 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk\AppData\Local\Packages
2022-01-28 12:45 - 2021-02-05 17:54 - 000000000 ____D C:\Users\Elisk\AppData\Local\TeamViewer
2022-01-28 12:23 - 2021-10-18 17:27 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-28 12:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-28 12:10 - 2021-02-19 17:23 - 000000000 ____D C:\Steam
2022-01-28 07:41 - 2021-12-13 09:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-763118441-806889825-3821141486-1001
2022-01-28 07:41 - 2021-10-09 20:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-28 07:41 - 2021-10-09 20:00 - 000002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-28 07:38 - 2021-02-08 21:43 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-28 07:38 - 2021-02-08 21:43 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-26 16:00 - 2019-04-15 16:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-26 15:07 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-20 22:01 - 2021-02-05 17:46 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-20 22:01 - 2021-02-05 17:46 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-19 10:47 - 2021-02-19 18:32 - 000000000 ____D C:\Users\Elisk\AppData\Local\AMD_Common
2022-01-17 20:33 - 2021-02-05 17:35 - 000000000 ____D C:\Users\Elisk
2022-01-17 18:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-17 17:55 - 2021-02-05 22:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-17 17:53 - 2021-02-05 22:34 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-14 17:06 - 2019-05-14 03:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 11:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2022-01-14 10:06 - 2021-02-05 18:20 - 000002371 _____ C:\Users\Elisk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-01-12 20:42 - 2021-10-22 13:03 - 846670662 _____ C:\WINDOWS\MEMORY.DMP
2022-01-12 20:42 - 2021-10-22 13:03 - 000000000 ____D C:\WINDOWS\Minidump

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-01-2022
Ran by Elisk (02-02-2022 15:42:11)
Running from C:\Users\Elisk\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2021-02-05 16:12:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-763118441-806889825-3821141486-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-763118441-806889825-3821141486-503 - Limited - Disabled)
Elisk (S-1-5-21-763118441-806889825-3821141486-1001 - Administrator - Enabled) => C:\Users\Elisk
Guest (S-1-5-21-763118441-806889825-3821141486-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-763118441-806889825-3821141486-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\uTorrent) (Version: 3.5.5.46148 - BitTorrent Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{40c19864-e557-4855-95ee-075689dfcf8e}) (Version: 2.13.27.501 - Advanced Micro Devices, Inc.) Hidden
Aplikácie Microsoft 365 pre veľké organizácie - sk-sk (HKLM\...\O365ProPlusRetail - sk-sk) (Version: 16.0.14729.20260 - Microsoft Corporation)
Branding64 (HKLM\...\{7659552A-136F-4615-A9FA-3E3EF2CCA77C}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Creaks (HKLM-x32\...\1623513243_is1) (Version: 1.0 - GOG.com)
EzTiltPen (HKLM\...\{359DAC8D-CE33-4729-84E9-22D3367A44A9}_is1) (Version: 1.0.0.25 - ELAN microelectronics Crop.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Happy Game (HKLM-x32\...\Happy Game_is1) (Version: - )
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Opera Stable 83.0.4254.27 (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\Opera 83.0.4254.27) (Version: 83.0.4254.27 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.110.50000 - Electronic Arts, Inc.)
Polda II (HKLM-x32\...\Polda II_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.4.14.0 - 2BrightSparks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.26.4 - TeamViewer)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\ZoomUMX) (Version: 5.5.2 (12494.0204) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2021-03-04] (Advanced Micro Devices Inc.)
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.15.226.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-16] (Microsoft Corporation)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2021-02-05] (HP Inc.)
HP Command Center -> C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6 [2022-01-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.8.0.0_x64__v10z8vjag6ke6 [2021-10-18] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.42.0_x64__v10z8vjag6ke6 [2021-11-08] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.13.85.0_x64__v10z8vjag6ke6 [2022-01-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6 [2022-01-23] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-14] (Microsoft Studios) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.4.0_x64__kx24dqmazqk8j [2021-11-08] (Random Salad Games LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-763118441-806889825-3821141486-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Elisk\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-27 14:14 - 2020-07-27 14:14 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-07-06 12:48 - 2020-07-06 12:48 - 000014336 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.2.15.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2022-01-14 15:55 - 2022-01-14 15:55 - 029770240 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPThermalControl_1.10.30.0_x64__v10z8vjag6ke6\HpSystemManagement.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-01-05 17:49 - 2022-01-05 17:49 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2022-01-22 17:08 - 2022-01-05 17:49 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-07-27 14:15 - 2020-07-27 14:15 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 14:14 - 2020-07-27 14:14 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-763118441-806889825-3821141486-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\sharepoint.com -> hxxps://upolomouc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2022-02-02 15:32 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2021-04-29 12:09 - 2021-04-29 12:09 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-763118441-806889825-3821141486-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "EzTiltPenSrvc"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-763118441-806889825-3821141486-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CEB78B7E-A0B1-463A-9E72-FC3D06E25132}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4B026E66-F2BF-4969-8A5D-4231BE27BDE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{286FFC4E-B214-4171-BF0A-C81BDC4EF305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B4C65368-90FD-4EC5-A98F-56B5ED4AF625}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC4D8A34-9F81-470F-9D1C-47DE7154B968}] => (Allow) C:\Users\Elisk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{55169A24-43A0-4BD0-B0D1-0C56F447A6A1}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F1F9044F-A7E4-4D54-82D6-5AC4550C6E87}] => (Allow) C:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{76A92F53-22B2-4B90-89F2-6718D72F8C7D}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5F937B88-AC40-4896-B92B-7D4B2BD84E58}] => (Allow) C:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{29F368D2-411A-460A-B028-66CD55C41632}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D7E2637B-C923-4C32-830B-98AD26F91190}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A733F354-0708-477D-925A-BCBD3033C51D}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0B1DD49D-498F-450F-B9BB-FB6BD92AFDD6}C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\elisk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3944EF4B-92E0-4567-8212-B937EF51FDFB}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{E292DD04-FCD4-4FB3-8D7A-CEBD43521BA5}] => (Allow) C:\Steam\steamapps\common\ObraDinn\ObraDinn.exe () [File not signed]
FirewallRules: [{D78B2097-1F62-4B42-BF8F-07DDF653E1E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1FB31EC-7A7C-4F17-B53D-259F00268EB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{72DEAA74-8E33-49D0-8269-5080D18D6DA3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5597608-3160-43A8-9ED8-CDBF2F1EAEE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{15830CE5-5218-4A56-845D-A1C1919256E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6F6DA089-5FB2-4351-9AED-33A7173213B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D3984893-D5BE-47AC-AAC7-B2CA6577A76A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ED9D991-AEA1-4DC0-8C85-4C2655CD05B9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{358F9B7C-9BB2-4BBE-9691-AD0F8372BC21}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC0E8192-75AC-4ACC-88DC-9BBD869C27BB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{95DC98F6-7153-4F92-8911-82A9424F01CF}] => (Allow) C:\Users\Elisk\AppData\Local\Programs\Opera\83.0.4254.27\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4003C28A-2311-4463-A57A-90516629C706}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F01E25DE-2CCA-4645-8AF3-3AD3A91EFB21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{49888707-B58D-4965-80C0-839FE8FA3BC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C7E63522-BC86-4B92-8437-D09CF485F700}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{22377DEE-398F-49F7-9E27-921DAE82F761}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

28-01-2022 13:36:13 zoek.exe restore point
28-01-2022 13:59:08 JRT Pre-Junkware Removal
28-01-2022 14:04:42 AdwCleaner_BeforeCleaning_28/01/2022_14:04:42
31-01-2022 21:01:20 AdwCleaner_BeforeCleaning_31/01/2022_21:01:19

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2022 03:37:32 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(0ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/02/2022 12:57:15 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2022 05:26:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/31/2022 05:23:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: DESKTOP-C29UHKI)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878

Error: (01/28/2022 01:59:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: StartMenuExperienceHost.exe, verze: 0.0.0.0, časové razítko: 0x4fe0bcb3
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1466, časové razítko: 0xe01c7650
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b362
ID chybujícího procesu: 0x256c
Čas spuštění chybující aplikace: 0x01d81446e06e6520
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 0c2aa1c3-e8c3-4171-9121-17d7e2778f66
Úplný název chybujícího balíčku: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App

Error: (01/28/2022 01:56:33 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-C29UHKI$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (01/28/2022 01:56:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/28/2022 01:56:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (02/02/2022 03:39:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HP Comm Recovery neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (02/02/2022 03:37:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (02/02/2022 03:37:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (02/02/2022 03:37:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (02/02/2022 03:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba TeamViewer byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 2000 milisekund: Restartovat službu.

Error: (02/02/2022 03:32:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Diagnostics HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (02/02/2022 03:32:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/02/2022 03:32:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Network HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2022-02-02 15:41:59
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2927.0, AS: 1.355.2927.0, NIS: 1.355.2927.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-02-02 13:15:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {80DA986B-4A9F-46C7-ACF9-994B565C794D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-02-02 13:10:44
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7195B7FE-F146-4FFA-901E-93CCFC2E2C18}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-02-01 12:33:21
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2814.0, AS: 1.355.2814.0, NIS: 1.355.2814.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

Date: 2022-01-28 14:11:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Misleading:Win32/Lodi
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Elisk\AppData\Roaming\uTorrent\uTorrent.exe; file:_C:\Users\Elisk\Downloads\uTorrent.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\updates\3.5.5_46148.exe; file:_C:\zoek_backup\C_Users_Elisk_AppData_Roaming_uTorrent\uTorrent.exe; process:_pid:1968,ProcessStart:132878449981029771
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel:
Název procesu: C:\Users\Elisk\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.355.2657.0, AS: 1.355.2657.0, NIS: 1.355.2657.0
Verze modulu: AM: 1.1.18800.4, NIS: 1.1.18800.4

CodeIntegrity:
===============
Date: 2022-01-28 12:28:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-01-28 12:24:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.19 12/26/2019
Motherboard: HP 85DE
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 61%
Total physical RAM: 6018.2 MB
Available physical RAM: 2340.03 MB
Total Virtual: 9986.2 MB
Available Virtual: 4733.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.19 GB) (Free:177.56 GB) (Protected) NTFS

\\?\Volume{f7827af1-f20f-4344-8a8d-87261c2b95d3}\ () (Fixed) (Total:0.48 GB) (Free:0.03 GB) NTFS
\\?\Volume{efb534da-5cb6-41d6-9d28-b0320ed690bb}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt =======================


Tam ten log po fixu jsem nestihl PC se restartovalo a už tam pak nebyl, ale je to asi úspěšně pryč. Už je ve vyhledavači zase google. Moc děkujeme posíláme maly donate.

Re: Poshukach

Napsal: 02 úno 2022 15:53
od Rudy
To jsem rád, logy jsou OK. Za příspěvek děkujeme! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz