VIRY.CZ

Dobrý den,

kamarád se na mě obrátil ohledně výpadků internetu, s ISP to řešil a u něj je všechno v pořádku.

Díky moc za rady.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Slávek (26-07-2022 18:04:50)
Running from C:\Users\Slávek\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-01-06 19:25:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-135731915-3674959227-2928559306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-135731915-3674959227-2928559306-503 - Limited - Disabled)
Guest (S-1-5-21-135731915-3674959227-2928559306-501 - Limited - Disabled)
Slávek (S-1-5-21-135731915-3674959227-2928559306-1001 - Administrator - Enabled) => C:\Users\Slávek
WDAGUtilityAccount (S-1-5-21-135731915-3674959227-2928559306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.6.6022 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 103.0.17593.116 - Autoři prohlížeče CCleaner Browser)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.259.0 - Conexant Systems)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.77.5342 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001010-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.10.1.1 - Intel Corporation)
Java 8 Update 333 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Outlook (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.31.5 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Web Companion (HKLM-x32\...\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}) (Version: 7.0.2417.4248 - Lavasoft)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

Packages:
=========
Adobe Photoshop Express: Editor obrazů, úpravy, filtry, efekty, okraje -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.6.385.0_x64__ynb6jyjzte8ga [2022-03-17] (Adobe Inc.)
Cradle of Empires -> C:\Program Files\WindowsApps\AWEMGAMESLTD.CradleofEmpires_7.50.670.0_x86__bk6jmky90x9y4 [2022-07-02] (AWEM GAMES LTD)
Crime Mysteries™: Find hidden objects & match 3 puzzle -> C:\Program Files\WindowsApps\828B5831.CrimeMysteriesMatch-3Cases_1.24.2600.0_x86__ytsefhwckbdv6 [2022-07-14] (G5 Entertainment AB)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-12] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation)
Emperor of Mahjong: Match tiles & restore a city -> C:\Program Files\WindowsApps\828B5831.JewelsofMahjongMatchtilesrestorethecity_1.27.2700.0_x64__ytsefhwckbdv6 [2022-07-02] (G5 Entertainment AB)
Excel -> C:\Program Files\WindowsApps\excel.office.com-4362FB92_1.0.0.1_neutral__2vp2pd36ganw2 [2022-05-28] (excel.office.com)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6 [2022-07-23] (G5 Entertainment AB)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.37.3700.0_x64__ytsefhwckbdv6 [2022-07-02] (G5 Entertainment AB)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.2.6090.0_x64__8wekyb3d8bbwe [2022-06-24] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-10] (Microsoft Studios) [MS Ad]
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.0.20.0_neutral__5byw4zywtsh80 [2021-05-02] (Pinterest Inc.)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.103.0_x64__pwbj9vvecjh7j [2022-07-20] (Amazon Development Centre (London) Ltd)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.536.453.0_x86__55nm5eh3cm0pr [2022-07-24] (ROBLOX Corporation)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-22] (Spotify AB) [Startup Task]
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.5_neutral__jc2kecmnkxwqc [2022-05-28] (word.office.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

2021-01-06 23:08 - 2009-12-12 16:12 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=GR160102&iDate=2021-08-02 07:42:17&iid=085e8f3e-9df1-4ed5-a199-071c0c49f451&bName=
SearchScopes: HKU\S-1-5-21-135731915-3674959227-2928559306-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\ssv.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\jp2ssv.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 81.25.28.250 - 81.25.16.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "RtsFT"
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_EB48762BEBE5EC73BAF6051F4BC9B411"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B4B351BC-49AB-49DC-B556-742B954B855F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{72B70D9F-3542-4BF5-B4D4-C414F0B6236C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6729B41D-9403-4538-B1DC-C92897A3D606}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CD1043AA-7AD7-4DE6-85BC-4DCC8C66409F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{25CA59C9-D0E7-4356-85C6-EEC5D052BDC8}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1DC6080A-F487-4F1A-AA73-E7D36005DCA0}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BBCA9EB6-D8A9-4515-8534-27E5E09EE9E4}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{81091E96-C64C-4FFC-BE34-969D82FF43C9}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{293B5A51-1A94-40E0-B858-85CD15B2B237}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{EA912668-5969-4A61-8445-1002C21E43CC}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD1D709B-5E92-4EEC-8DE3-0ECB642195EF}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{87212063-16F4-4C9A-A00F-17FAD1132603}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{14F41831-6758-4444-BC7C-2473EE75333E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5759E490-0BF3-4B36-A92D-866639B907CD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3F58B1BC-B6EC-4B8D-A32C-5D4DD7D42572}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{751728B6-00A7-448B-B86A-890A4467829F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{14CCF434-8B9E-4999-85D7-B0024EC9FE1A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B5C02E-B846-49A7-B59D-482A8BF809FD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FC3BB0AB-EF69-4255-9F05-1995063ACCE8}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7227B828-A72D-4CBB-BD8F-E2FB1ECDC2A9}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F9476F48-D57C-4744-912D-F93B5CF6195D}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2F61CEF2-B9E9-42D8-89A0-C74BCCB50495}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DFD31397-1E0D-46BC-9FEC-B78681425E44}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{38509A54-407D-436D-823B-39DEDFA3DE9A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A640188E-EFF8-4937-AA02-608D950861FE}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{366E313D-EACE-4F65-B9E1-A89715DAF1C5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BBF8C7B8-065A-4401-ACCA-828FE340163B}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{4F288520-1BF1-4485-81D4-E366800488DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3329763D-CFAC-4275-B3A6-A93986A00BE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{639BA18B-4458-4B3B-A39A-3AA1AEFD69C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{95BBAB29-0F25-4460-B2A2-86A30186E4F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B8F6AED-23C0-4912-B090-E5B4BA9461C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{125FE7C9-598E-4C6D-881F-64DAA7893888}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE74597D-4C27-4D5A-8EA8-CD7754A8B246}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71C6435F-7B2A-46A5-B348-A41153045555}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A853513B-7DE7-4AAA-B691-27FF310B6610}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC6B059E-7AE2-4B23-9EF9-66FC641C4FFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9A3E44A3-A5AA-4C37-8BE1-6471E550AE63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C2FEF9B-CB73-4733-B590-E13B7A609C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C84B8D8E-5C48-4F59-91DC-138B4141F94A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{185B1408-9A6B-4AC5-B5F8-A5A3CCE2FC42}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B35BDCB-1F96-4D6E-9FCE-DF2D309DE198}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4110ABA3-7A4D-490D-9AB3-8E122FC5922C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{464A8D48-3C62-43B4-8A01-2933E52D3059}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

15-07-2022 21:49:03 Naplánovaný kontrolní bod
25-07-2022 09:26:26 Naplánovaný kontrolní bod
25-07-2022 17:29:41 Installed Intel(R) Wireless Bluetooth(R)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/26/2022 05:39:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2790

Čas spuštění: 01d8a047e6d73eff

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 93e0a984-faee-4c0c-b668-7aaf1ee036d8

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Quiesce

Error: (07/26/2022 02:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HiddenCityUWP.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: ef8

Čas spuštění: 01d8a0ea006d866f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6\HiddenCityUWP.exe

ID hlášení: a2e11568-ac58-4f28-95c8-91179bb979da

Úplný název balíčku s chybou: 828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Cross-thread

Error: (07/26/2022 02:18:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.822.6271.0, časové razítko: 0x62b9e0ef
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1826, časové razítko: 0x299341e8
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000010fb62
ID chybujícího procesu: 0x1664
Čas spuštění chybující aplikace: 0x01d8a0e9b7b7176b
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 5da822e7-d4ba-409b-9b52-34123f375f42
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (07/25/2022 06:04:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WWAHost.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2030

Čas spuštění: 01d8a03fc605055f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\WWAHost.exe

ID hlášení: 90fbf380-bec0-4ce7-bf70-28a45ec0daee

Úplný název balíčku s chybou: Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (07/24/2022 09:17:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 334c

Čas spuštění: 01d89dcd861adcef

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 39d1052e-0fd8-4017-9479-8eddd9bd2a21

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Quiesce

Error: (07/23/2022 01:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.822.6271.0, časové razítko: 0x62b9e0ef
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1826, časové razítko: 0x299341e8
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000010fb62
ID chybujícího procesu: 0x1a68
Čas spuštění chybující aplikace: 0x01d89e84a365661b
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: bb122b6b-f5a1-44a6-93d6-5ebb23c4cc51
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (07/23/2022 01:08:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Solitaire.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3214

Čas spuštění: 01d89da36e46314a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe\Solitaire.exe

ID hlášení: 40db5ad1-370e-45d2-a9d5-50b773fa1fc9

Úplný název balíčku s chybou: Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (07/22/2022 09:07:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Seagate Backup Plus Drive (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (07/25/2022 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {B91D5831-B1BD-4608-8198-D72E155020F7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/25/2022 06:51:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Aktualizovat službu Orchestrator přestala během spouštění reagovat.

Error: (07/25/2022 06:49:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime přestala během spouštění reagovat.

Error: (07/25/2022 06:47:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (07/25/2022 06:44:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (07/25/2022 06:40:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WCAssistantService neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/25/2022 06:40:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby WCAssistantService bylo dosaženo časového limitu (45000 ms).

Error: (07/25/2022 05:51:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime přestala během spouštění reagovat.


Windows Defender:
================
Date: 2021-08-01 19:00:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BF802CFF-3DC1-47DD-9832-C66CD50444EE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-30 19:41:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5F859083-50C7-43E7-A80B-A87B59D04B93}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-29 19:40:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F664EA66-4628-4B62-9C3C-12648E109614}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-28 23:17:55
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A862A88-5B48-4DBF-9724-A8C30F363D48}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-27 19:40:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3356D95A-7BB1-4E30-A6F2-6108C48DF795}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-07-26 14:57:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-07-26 12:38:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO B0CN72WW 01/27/2015
Motherboard: LENOVO Lenovo G50-80
Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 90%
Total physical RAM: 4016.45 MB
Available physical RAM: 367.23 MB
Total Virtual: 10160.45 MB
Available Virtual: 4876.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.03 GB) (Free:350.34 GB) (Model: HGST HTS541075A9E680) NTFS
Drive d: (Seagate Backup Plus Drive) (Fixed) (Total:9313.87 GB) (Free:2107.75 GB) (Model: Seagate Backup+ Hub BK SCSI Disk Device) NTFS
Drive f: (Elements) (Fixed) (Total:2794.49 GB) (Free:1340.54 GB) (Model: WD Elements 25A2 USB Device) NTFS

\\?\Volume{2ee95c4e-a3f8-49ed-8b2f-6604bdb01ed3}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{fa9f589d-4880-4d85-b6cb-bbcc39917bc5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00A32510)

Partition: GPT.

==========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Size: 9314 GB) (Disk ID: 232B46A9)

Partition: GPT.

==================== End of Addition.txt =======================




==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(explorer.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(explorer.exe ->) (Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(explorer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler64.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(services.exe ->) (Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(services.exe ->) (Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\UIUSrv.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Studios) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe\Solitaire.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5166872 2016-08-04] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [213760 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-08-02] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [CCleanerBrowserAutoLaunch_EB48762BEBE5EC73BAF6051F4BC9B411] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [MicrosoftEdgeAutoLaunch_F3281F16D0281E948AF7375C79C3D58C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601832 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Uninstall 22.131.0619.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\22.131.0619.0001" (No File)
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\Windows\system32\CNBLM3_2.DLL [211456 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\103.0.17593.116\Installer\chrmstp.exe [2022-07-13] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E6A892E-35C4-4AF8-9EE2-948687B19325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {0F58B38F-3FE9-4CA6-9F5D-9944B783797B} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
Task: {3B1432E1-FCFE-4B07-973F-EFF3982A0548} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
Task: {71D4E029-ACF3-42B8-B249-5B455C031F1E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {88D9057F-E34E-4C4D-9737-ECD6E29ADEED} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4938496 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
Task: {A56CE2B6-C253-4F07-A94E-9B5DE0C700A6} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
Task: {A727AA52-291E-42E5-9E8B-6D6357FF84E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {C6660898-B91C-4A87-98A1-DD49379DE281} - System32\Tasks\CCleanerSkipUAC - Slávek => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D0CEEE21-C3A1-431F-A3EE-58411CA168CC} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
Task: {FE7C3E25-73BD-48B8-A4CD-70DEF8D83598} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 81.25.28.250 81.25.16.250
Tcpip\..\Interfaces\{52d6a99c-e91b-45b8-b01d-2805788e3765}: [DhcpNameServer] 81.25.28.250 81.25.16.250

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-26]
Edge Extension: (Outlook) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-06]
Edge Extension: (Word) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-06]
Edge Extension: (Excel) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-06]
Edge Extension: (PowerPoint) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-06]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-06-23] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-06-23] (Piriform Software Ltd -> Piriform Software)

Chrome:
=======
CHR Profile: C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default [2022-07-08]
CHR DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Default -> poshukach engin search
CHR DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-06]
CHR Extension: (Dokumenty) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-06]
CHR Extension: (Disk Google) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-06]
CHR Extension: (YouTube) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-06]
CHR Extension: (Tabulky) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-06]
CHR Profile: C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8486968 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [590080 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [589056 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-08-02] (Avast Software s.r.o. -> AVAST Software)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\103.0.17593.116\elevation_service.exe [1991960 2022-07-05] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16184216 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UIUService; C:\Windows\SysWOW64\UIUSrv.exe [105984 2021-01-06] (Conexant Systems, Inc.) [File not signed]
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-08-02] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [41832 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [235584 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [385560 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [258072 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [104976 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [25048 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [47976 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [274536 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [553928 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [113984 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [89056 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [860416 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [668208 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [221528 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [324864 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-26 17:50 - 2022-07-26 17:53 - 000021104 _____ C:\Users\Slávek\Desktop\FRST.txt
2022-07-26 17:49 - 2022-07-26 17:52 - 000000000 ____D C:\FRST
2022-07-26 17:48 - 2022-07-26 17:48 - 002369536 _____ (Farbar) C:\Users\Slávek\Desktop\FRST64(1).exe
2022-07-26 17:10 - 2022-07-26 17:20 - 2667853498 _____ C:\Users\Slávek\Downloads\Laska.na.spickach.2021.1080p.x264 CZ.mkv
2022-07-26 16:42 - 2022-07-26 16:42 - 000002151 _____ C:\Users\Slávek\Desktop\Goodgame Empire.lnk
2022-07-26 00:06 - 2022-07-26 18:04 - 1889533952 _____ C:\Users\Slávek\Downloads\Láska našpičkách-2021-CZ-VLHY.mkv.crdownload
2022-07-25 18:22 - 2022-07-25 18:22 - 000000000 ____D C:\Windows\LastGood
2022-07-25 17:32 - 2022-07-25 17:32 - 000000000 ____D C:\Windows\LastGood.Tmp
2022-07-25 17:31 - 2022-07-25 17:31 - 000000000 ____D C:\Program Files (x86)\Intel
2022-07-25 17:07 - 2022-07-25 17:16 - 000000000 ____D C:\Users\Slávek\AppData\Local\TeamViewer
2022-07-25 17:06 - 2022-07-26 17:27 - 000000000 ____D C:\Program Files\TeamViewer
2022-07-25 17:06 - 2022-07-25 17:06 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2022-07-25 17:06 - 2022-07-25 17:06 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2022-07-25 17:06 - 2022-07-25 17:06 - 000000000 ____D C:\Users\Slávek\AppData\Roaming\TeamViewer
2022-07-16 17:22 - 2022-07-16 17:22 - 002794373 _____ C:\Users\Slávek\Documents\Občan Havel.pdf
2022-07-14 06:58 - 2022-07-14 06:58 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-14 06:58 - 2022-07-14 06:58 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-14 06:58 - 2022-07-14 06:58 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-14 06:58 - 2022-07-14 06:58 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-14 06:58 - 2022-07-14 06:58 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-14 06:57 - 2022-07-14 06:57 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-14 06:56 - 2022-07-14 06:56 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-14 06:55 - 2022-07-14 06:55 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-14 06:55 - 2022-07-14 06:55 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-14 06:53 - 2022-07-14 06:53 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-14 06:53 - 2022-07-14 06:53 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-14 06:52 - 2022-07-14 06:52 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-14 06:52 - 2022-07-14 06:52 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-14 05:33 - 2022-07-14 05:33 - 000000000 ___HD C:\$WinREAgent
2022-07-12 20:30 - 2022-07-12 20:29 - 000270592 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-07-12 20:30 - 2022-07-12 20:29 - 000221528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2022-07-04 10:27 - 2022-07-04 11:34 - 000000000 ____D C:\Users\Slávek\Documents\povidky
2022-07-02 09:43 - 2022-07-02 09:43 - 000075180 _____ C:\Users\Slávek\Downloads\vf135422022.isdocx
2022-06-27 18:00 - 2022-06-27 18:00 - 000025048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-26 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-26 17:03 - 2021-01-06 21:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-26 17:02 - 2021-01-06 23:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-26 16:43 - 2022-05-21 23:13 - 000000000 ____D C:\Users\Slávek\Downloads\ULOŽÍT do nových seriálů
2022-07-26 16:42 - 2021-08-02 09:40 - 000000000 _____ C:\end
2022-07-26 16:41 - 2021-08-02 09:39 - 000003672 _____ C:\nsispromotion_log.txt
2022-07-26 16:04 - 2021-07-02 15:49 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{79C6F87A-BF76-4C3E-A581-0777AD1171AA}
2022-07-26 16:01 - 2021-07-02 15:53 - 000000000 ____D C:\Program Files\CCleaner
2022-07-26 14:20 - 2022-06-23 17:01 - 000003104 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2022-07-26 14:20 - 2022-06-23 17:01 - 000002622 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2022-07-26 14:20 - 2022-06-23 17:00 - 000003456 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineUA
2022-07-26 14:20 - 2022-06-23 17:00 - 000003232 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineCore
2022-07-26 14:20 - 2021-12-11 12:34 - 000003062 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-135731915-3674959227-2928559306-1001
2022-07-26 14:20 - 2021-08-19 10:12 - 000002254 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Slávek
2022-07-26 14:20 - 2021-08-02 22:46 - 000000000 ____D C:\Users\Slávek\AppData\Local\CrashDumps
2022-07-26 14:20 - 2021-08-02 09:49 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2022-07-26 14:20 - 2021-07-30 15:48 - 000000000 ____D C:\Users\Slávek\AppData\Local\ClassicShell
2022-07-26 14:20 - 2021-07-02 15:53 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-07-26 14:20 - 2021-01-06 23:09 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-26 14:20 - 2021-01-06 23:09 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-26 14:20 - 2021-01-06 22:56 - 000003568 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-26 14:20 - 2021-01-06 22:56 - 000003344 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-26 14:20 - 2021-01-06 21:52 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-135731915-3674959227-2928559306-1001
2022-07-26 14:01 - 2022-02-12 23:41 - 000000000 ____D C:\Users\Slávek\Downloads\Prozatím
2022-07-26 11:57 - 2021-01-06 21:28 - 000002380 _____ C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-26 11:50 - 2021-01-06 21:29 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-26 11:50 - 2019-12-07 16:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2022-07-26 11:50 - 2019-12-07 16:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2022-07-26 11:50 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-07-26 00:31 - 2021-08-02 09:48 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-07-25 19:13 - 2021-01-06 21:41 - 000000000 ____D C:\Intel
2022-07-25 18:42 - 2021-08-02 09:41 - 000000000 ____D C:\ProgramData\Avast Software
2022-07-25 18:38 - 2021-01-06 21:46 - 000000000 __SHD C:\Users\Slávek\IntelGraphicsProfiles
2022-07-25 18:38 - 2021-01-06 21:41 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-25 18:37 - 2021-01-06 21:17 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-25 18:37 - 2021-01-06 21:16 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-25 18:37 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-07-25 17:53 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-25 17:51 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-25 17:44 - 2021-01-06 21:16 - 000446160 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-24 22:32 - 2021-01-06 22:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 22:32 - 2021-01-06 22:57 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-24 17:49 - 2021-01-06 23:13 - 000000000 ____D C:\Users\Slávek\AppData\Roaming\vlc
2022-07-24 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-07-24 15:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2022-07-22 04:05 - 2021-01-06 23:10 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 04:05 - 2021-01-06 23:10 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-20 22:11 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-14 06:51 - 2021-01-06 21:19 - 003010560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-07-14 05:28 - 2021-01-06 21:41 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 05:21 - 2021-01-06 21:40 - 146546848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-13 21:09 - 2022-06-23 17:01 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2022-07-13 21:09 - 2022-06-23 17:01 - 000002352 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2022-07-13 21:09 - 2022-06-23 16:59 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2022-07-12 20:30 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-12 20:29 - 2021-08-02 09:48 - 000860416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000668208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000553928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000385560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000324864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000274536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000258072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000235584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000113984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000104976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000089056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000047976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2022-07-06 00:23 - 2021-05-17 11:05 - 000092920 _____ C:\Users\Slávek\AppData\Local\GDIPFONTCACHEV1.DAT
2022-07-01 10:08 - 2022-05-22 11:55 - 000000000 ____D C:\Users\Slávek\Documents\GOMPlayer
2022-07-01 00:57 - 2022-06-21 11:26 - 000000000 ____D C:\Users\Slávek\Downloads\Nové seriály
2022-06-27 18:21 - 2021-01-06 21:29 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2022-07-26 16:42 - 2022-07-26 16:42 - 000370070 _____ () C:\Users\Slávek\AppData\Roaming\logo_empire_desktop.ico

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-26-2022
# Duration: 00:00:25
# OS: Windows 10 Home
# Scanned: 32053
# Detected: 19


***** [ Services ] *****

PUP.Optional.Legacy WCAssistantService

***** [ Folders ] *****

PUP.Optional.WebCompanion C:\Program Files (x86)\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
PUP.Optional.WebCompanion C:\Users\Slávek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
PUP.Optional.WebCompanion C:\Users\Slávek\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|DisplayIcon
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|DisplayName
PUP.Adware.Heuristic HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|UninstallString
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-26-2022
# Duration: 00:00:16
# OS: Windows 10 Home
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Slávek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\Slávek\AppData\Roaming\Lavasoft\Web Companion

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f11aa0f2-815b-4aa8-9f6e-ca75d28e0428}|UninstallString
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3307 octets] - [26/07/2022 21:02:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

OK. Dejte nové logy FRST+Addition.

Díky

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by Slávek (administrator) on DESKTOP-CPRA0SF (LENOVO 80L0) (26-07-2022 22:08:52)
Running from C:\Users\Slávek\Desktop
Loaded Profiles: Slávek
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler64.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5166872 2016-08-04] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [213760 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [CCleanerBrowserAutoLaunch_EB48762BEBE5EC73BAF6051F4BC9B411] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\Run: [MicrosoftEdgeAutoLaunch_F3281F16D0281E948AF7375C79C3D58C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601832 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Uninstall 22.131.0619.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\22.131.0619.0001" (No File)
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\Windows\system32\CNBLM3_2.DLL [211456 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\103.0.17593.116\Installer\chrmstp.exe [2022-07-13] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E6A892E-35C4-4AF8-9EE2-948687B19325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {0F58B38F-3FE9-4CA6-9F5D-9944B783797B} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
Task: {3B1432E1-FCFE-4B07-973F-EFF3982A0548} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
Task: {71D4E029-ACF3-42B8-B249-5B455C031F1E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {88D9057F-E34E-4C4D-9737-ECD6E29ADEED} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4938496 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
Task: {A56CE2B6-C253-4F07-A94E-9B5DE0C700A6} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
Task: {A727AA52-291E-42E5-9E8B-6D6357FF84E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {C6660898-B91C-4A87-98A1-DD49379DE281} - System32\Tasks\CCleanerSkipUAC - Slávek => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D0CEEE21-C3A1-431F-A3EE-58411CA168CC} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2813280 2022-07-05] (Piriform Software Ltd -> Piriform Software)
Task: {FE7C3E25-73BD-48B8-A4CD-70DEF8D83598} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 81.25.28.250 81.25.16.250
Tcpip\..\Interfaces\{52d6a99c-e91b-45b8-b01d-2805788e3765}: [DhcpNameServer] 81.25.28.250 81.25.16.250

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-26]
Edge Extension: (Outlook) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-06]
Edge Extension: (Word) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-06]
Edge Extension: (Excel) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-06]
Edge Extension: (PowerPoint) - C:\Users\Slávek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-06]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-06-23] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-06-23] (Piriform Software Ltd -> Piriform Software)

Chrome:
=======
CHR Profile: C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default [2022-07-08]
CHR DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Default -> poshukach engin search
CHR DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-06]
CHR Extension: (Dokumenty) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-06]
CHR Extension: (Disk Google) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-06]
CHR Extension: (YouTube) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-06]
CHR Extension: (Tabulky) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-06]
CHR Profile: C:\Users\Slávek\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8486968 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [590080 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [589056 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-08-02] (Avast Software s.r.o. -> AVAST Software)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\103.0.17593.116\elevation_service.exe [1991960 2022-07-05] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-06-23] (Piriform Software Ltd -> Piriform Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16241056 2022-07-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 UIUService; C:\Windows\SysWOW64\UIUSrv.exe [105984 2021-01-06] (Conexant Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [41832 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [235584 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [385560 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [258072 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [104976 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [25048 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [47976 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [274536 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [553928 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [113984 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [89056 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [860416 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [668208 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [221528 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [324864 2022-07-12] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425192 2021-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-26 21:01 - 2022-07-26 21:04 - 000000000 ____D C:\AdwCleaner
2022-07-26 20:36 - 2022-07-26 20:47 - 1256375627 _____ C:\Users\Slávek\Downloads\ZOO 47.DÍL Konec jedné éry(SERIÁL CZ)2022.MP4.mp4
2022-07-26 18:54 - 2022-07-26 18:54 - 008551608 _____ (Malwarebytes) C:\Users\Slávek\Desktop\adwcleaner.exe
2022-07-26 18:04 - 2022-07-26 18:15 - 000038611 _____ C:\Users\Slávek\Desktop\Addition.txt
2022-07-26 17:50 - 2022-07-26 22:11 - 000018368 _____ C:\Users\Slávek\Desktop\FRST.txt
2022-07-26 17:49 - 2022-07-26 22:10 - 000000000 ____D C:\FRST
2022-07-26 17:48 - 2022-07-26 17:48 - 002369536 _____ (Farbar) C:\Users\Slávek\Desktop\FRST64(1).exe
2022-07-25 18:22 - 2022-07-25 18:22 - 000000000 ____D C:\Windows\LastGood
2022-07-25 17:32 - 2022-07-25 17:32 - 000000000 ____D C:\Windows\LastGood.Tmp
2022-07-25 17:31 - 2022-07-25 17:31 - 000000000 ____D C:\Program Files (x86)\Intel
2022-07-25 17:07 - 2022-07-25 17:16 - 000000000 ____D C:\Users\Slávek\AppData\Local\TeamViewer
2022-07-25 17:06 - 2022-07-26 18:51 - 000000000 ____D C:\Program Files\TeamViewer
2022-07-25 17:06 - 2022-07-25 17:06 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2022-07-25 17:06 - 2022-07-25 17:06 - 000000877 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2022-07-25 17:06 - 2022-07-25 17:06 - 000000000 ____D C:\Users\Slávek\AppData\Roaming\TeamViewer
2022-07-16 17:22 - 2022-07-16 17:22 - 002794373 _____ C:\Users\Slávek\Documents\Občan Havel.pdf
2022-07-14 06:58 - 2022-07-14 06:58 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-14 06:58 - 2022-07-14 06:58 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-14 06:58 - 2022-07-14 06:58 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-14 06:58 - 2022-07-14 06:58 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-14 06:58 - 2022-07-14 06:58 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-14 06:57 - 2022-07-14 06:57 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-14 06:57 - 2022-07-14 06:57 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-14 06:57 - 2022-07-14 06:57 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-14 06:56 - 2022-07-14 06:56 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-14 06:55 - 2022-07-14 06:55 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-14 06:55 - 2022-07-14 06:55 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-14 06:53 - 2022-07-14 06:53 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-14 06:53 - 2022-07-14 06:53 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-14 06:52 - 2022-07-14 06:52 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-14 06:52 - 2022-07-14 06:52 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-14 05:33 - 2022-07-14 05:33 - 000000000 ___HD C:\$WinREAgent
2022-07-12 20:30 - 2022-07-12 20:29 - 000270592 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2022-07-12 20:30 - 2022-07-12 20:29 - 000221528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2022-07-04 10:27 - 2022-07-04 11:34 - 000000000 ____D C:\Users\Slávek\Documents\povidky
2022-07-02 09:43 - 2022-07-02 09:43 - 000075180 _____ C:\Users\Slávek\Downloads\vf135422022.isdocx
2022-06-27 18:00 - 2022-06-27 18:00 - 000025048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-26 22:02 - 2021-01-06 23:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-26 21:53 - 2021-01-06 21:16 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-26 21:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-26 21:37 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-26 21:04 - 2021-08-02 09:42 - 000000000 ____D C:\Users\Slávek\AppData\Roaming\Lavasoft
2022-07-26 21:04 - 2021-08-02 09:42 - 000000000 ____D C:\Users\Slávek\AppData\Local\Lavasoft
2022-07-26 21:04 - 2021-08-02 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2022-07-26 21:04 - 2021-08-02 09:41 - 000000000 ____D C:\ProgramData\Lavasoft
2022-07-26 21:04 - 2021-08-02 09:41 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2022-07-26 20:34 - 2022-02-12 23:41 - 000000000 ____D C:\Users\Slávek\Downloads\Prozatím
2022-07-26 16:43 - 2022-05-21 23:13 - 000000000 ____D C:\Users\Slávek\Downloads\ULOŽÍT do nových seriálů
2022-07-26 16:41 - 2021-08-02 09:39 - 000003672 _____ C:\nsispromotion_log.txt
2022-07-26 16:04 - 2021-07-02 15:49 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{79C6F87A-BF76-4C3E-A581-0777AD1171AA}
2022-07-26 16:01 - 2021-07-02 15:53 - 000000000 ____D C:\Program Files\CCleaner
2022-07-26 14:20 - 2022-06-23 17:01 - 000003104 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2022-07-26 14:20 - 2022-06-23 17:01 - 000002622 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2022-07-26 14:20 - 2022-06-23 17:00 - 000003456 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineUA
2022-07-26 14:20 - 2022-06-23 17:00 - 000003232 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineCore
2022-07-26 14:20 - 2021-12-11 12:34 - 000003062 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-135731915-3674959227-2928559306-1001
2022-07-26 14:20 - 2021-08-19 10:12 - 000002254 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Slávek
2022-07-26 14:20 - 2021-08-02 22:46 - 000000000 ____D C:\Users\Slávek\AppData\Local\CrashDumps
2022-07-26 14:20 - 2021-08-02 09:49 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2022-07-26 14:20 - 2021-07-30 15:48 - 000000000 ____D C:\Users\Slávek\AppData\Local\ClassicShell
2022-07-26 14:20 - 2021-07-02 15:53 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-07-26 14:20 - 2021-01-06 23:09 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-26 14:20 - 2021-01-06 23:09 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-26 14:20 - 2021-01-06 22:56 - 000003568 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-26 14:20 - 2021-01-06 22:56 - 000003344 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-26 14:20 - 2021-01-06 21:52 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-135731915-3674959227-2928559306-1001
2022-07-26 11:57 - 2021-01-06 21:28 - 000002380 _____ C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-26 11:50 - 2021-01-06 21:29 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-26 11:50 - 2019-12-07 16:41 - 000683426 _____ C:\Windows\system32\perfh005.dat
2022-07-26 11:50 - 2019-12-07 16:41 - 000137206 _____ C:\Windows\system32\perfc005.dat
2022-07-26 11:50 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-07-26 00:31 - 2021-08-02 09:48 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2022-07-25 19:13 - 2021-01-06 21:41 - 000000000 ____D C:\Intel
2022-07-25 18:42 - 2021-08-02 09:41 - 000000000 ____D C:\ProgramData\Avast Software
2022-07-25 18:38 - 2021-01-06 21:46 - 000000000 __SHD C:\Users\Slávek\IntelGraphicsProfiles
2022-07-25 18:38 - 2021-01-06 21:41 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-07-25 18:37 - 2021-01-06 21:17 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-25 18:37 - 2021-01-06 21:16 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-25 18:37 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-07-25 17:51 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-25 17:44 - 2021-01-06 21:16 - 000446160 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-24 22:32 - 2021-01-06 22:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 22:32 - 2021-01-06 22:57 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-24 17:49 - 2021-01-06 23:13 - 000000000 ____D C:\Users\Slávek\AppData\Roaming\vlc
2022-07-24 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-07-24 15:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2022-07-22 04:05 - 2021-01-06 23:10 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 04:05 - 2021-01-06 23:10 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-20 22:11 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-15 01:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-15 01:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-14 06:51 - 2021-01-06 21:19 - 003010560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-07-14 05:28 - 2021-01-06 21:41 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 05:21 - 2021-01-06 21:40 - 146546848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-13 21:09 - 2022-06-23 17:01 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2022-07-13 21:09 - 2022-06-23 17:01 - 000002352 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2022-07-13 21:09 - 2022-06-23 16:59 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2022-07-12 20:30 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-12 20:29 - 2021-08-02 09:48 - 000860416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000668208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000553928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000385560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000324864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000274536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000258072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000235584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000113984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000104976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000089056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000047976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2022-07-12 20:29 - 2021-08-02 09:48 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2022-07-06 00:23 - 2021-05-17 11:05 - 000092920 _____ C:\Users\Slávek\AppData\Local\GDIPFONTCACHEV1.DAT
2022-07-01 10:08 - 2022-05-22 11:55 - 000000000 ____D C:\Users\Slávek\Documents\GOMPlayer
2022-07-01 00:57 - 2022-06-21 11:26 - 000000000 ____D C:\Users\Slávek\Downloads\Nové seriály
2022-06-27 18:21 - 2021-01-06 21:29 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2022-07-26 16:42 - 2022-07-26 16:42 - 000370070 _____ () C:\Users\Slávek\AppData\Roaming\logo_empire_desktop.ico

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Slávek (26-07-2022 22:14:20)
Running from C:\Users\Slávek\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2021-01-06 19:25:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-135731915-3674959227-2928559306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-135731915-3674959227-2928559306-503 - Limited - Disabled)
Guest (S-1-5-21-135731915-3674959227-2928559306-501 - Limited - Disabled)
Slávek (S-1-5-21-135731915-3674959227-2928559306-1001 - Administrator - Enabled) => C:\Users\Slávek
WDAGUtilityAccount (S-1-5-21-135731915-3674959227-2928559306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.6.6022 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 103.0.17593.116 - Autoři prohlížeče CCleaner Browser)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.259.0 - Conexant Systems)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.77.5342 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001010-0210-1029-84C8-B8D95FA3C8C3}) (Version: 21.10.1.1 - Intel Corporation)
Java 8 Update 333 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Outlook (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.32.3 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )

Packages:
=========
Adobe Photoshop Express: Editor obrazů, úpravy, filtry, efekty, okraje -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.6.385.0_x64__ynb6jyjzte8ga [2022-03-17] (Adobe Inc.)
Cradle of Empires -> C:\Program Files\WindowsApps\AWEMGAMESLTD.CradleofEmpires_7.50.670.0_x86__bk6jmky90x9y4 [2022-07-02] (AWEM GAMES LTD)
Crime Mysteries™: Find hidden objects & match 3 puzzle -> C:\Program Files\WindowsApps\828B5831.CrimeMysteriesMatch-3Cases_1.24.2600.0_x86__ytsefhwckbdv6 [2022-07-14] (G5 Entertainment AB)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-12] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation)
Emperor of Mahjong: Match tiles & restore a city -> C:\Program Files\WindowsApps\828B5831.JewelsofMahjongMatchtilesrestorethecity_1.27.2700.0_x64__ytsefhwckbdv6 [2022-07-02] (G5 Entertainment AB)
Excel -> C:\Program Files\WindowsApps\excel.office.com-4362FB92_1.0.0.1_neutral__2vp2pd36ganw2 [2022-05-28] (excel.office.com)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6 [2022-07-23] (G5 Entertainment AB)
Jewels of Rome: Match gems to restore the city -> C:\Program Files\WindowsApps\828B5831.JewelsofRomeMatchgemstorestorethecity_1.37.3700.0_x64__ytsefhwckbdv6 [2022-07-02] (G5 Entertainment AB)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.2.6090.0_x64__8wekyb3d8bbwe [2022-06-24] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-10] (Microsoft Studios) [MS Ad]
Pinterest -> C:\Program Files\WindowsApps\1424566A.147190DF3DE79_1.0.20.0_neutral__5byw4zywtsh80 [2021-05-02] (Pinterest Inc.)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.103.0_x64__pwbj9vvecjh7j [2022-07-20] (Amazon Development Centre (London) Ltd)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.536.453.0_x86__55nm5eh3cm0pr [2022-07-24] (ROBLOX Corporation)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-22] (Spotify AB) [Startup Task]
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.5_neutral__jc2kecmnkxwqc [2022-05-28] (word.office.com)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-07-12] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-12-12] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-12-12] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\msaud32_divx.acm [186368 2003-02-03] (Microsoft Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Slávek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

==================== Loaded Modules (Whitelisted) =============

2021-01-06 23:08 - 2009-12-12 16:12 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=GR160102&iDate=2021-08-02 07:42:17&iid=085e8f3e-9df1-4ed5-a199-071c0c49f451&bName=
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\ssv.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\jp2ssv.dll [2022-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 81.25.28.250 - 81.25.16.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "RtsFT"
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_EB48762BEBE5EC73BAF6051F4BC9B411"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B4B351BC-49AB-49DC-B556-742B954B855F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{72B70D9F-3542-4BF5-B4D4-C414F0B6236C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6729B41D-9403-4538-B1DC-C92897A3D606}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CD1043AA-7AD7-4DE6-85BC-4DCC8C66409F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{25CA59C9-D0E7-4356-85C6-EEC5D052BDC8}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1DC6080A-F487-4F1A-AA73-E7D36005DCA0}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BBCA9EB6-D8A9-4515-8534-27E5E09EE9E4}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{81091E96-C64C-4FFC-BE34-969D82FF43C9}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{293B5A51-1A94-40E0-B858-85CD15B2B237}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{EA912668-5969-4A61-8445-1002C21E43CC}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FD1D709B-5E92-4EEC-8DE3-0ECB642195EF}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{87212063-16F4-4C9A-A00F-17FAD1132603}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{14F41831-6758-4444-BC7C-2473EE75333E}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5759E490-0BF3-4B36-A92D-866639B907CD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3F58B1BC-B6EC-4B8D-A32C-5D4DD7D42572}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{751728B6-00A7-448B-B86A-890A4467829F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{14CCF434-8B9E-4999-85D7-B0024EC9FE1A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B5C02E-B846-49A7-B59D-482A8BF809FD}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{FC3BB0AB-EF69-4255-9F05-1995063ACCE8}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7227B828-A72D-4CBB-BD8F-E2FB1ECDC2A9}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F9476F48-D57C-4744-912D-F93B5CF6195D}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2F61CEF2-B9E9-42D8-89A0-C74BCCB50495}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DFD31397-1E0D-46BC-9FEC-B78681425E44}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{38509A54-407D-436D-823B-39DEDFA3DE9A}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A640188E-EFF8-4937-AA02-608D950861FE}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{366E313D-EACE-4F65-B9E1-A89715DAF1C5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{BBF8C7B8-065A-4401-ACCA-828FE340163B}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{4F288520-1BF1-4485-81D4-E366800488DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3329763D-CFAC-4275-B3A6-A93986A00BE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{639BA18B-4458-4B3B-A39A-3AA1AEFD69C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{95BBAB29-0F25-4460-B2A2-86A30186E4F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B8F6AED-23C0-4912-B090-E5B4BA9461C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{125FE7C9-598E-4C6D-881F-64DAA7893888}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE74597D-4C27-4D5A-8EA8-CD7754A8B246}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71C6435F-7B2A-46A5-B348-A41153045555}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A853513B-7DE7-4AAA-B691-27FF310B6610}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC6B059E-7AE2-4B23-9EF9-66FC641C4FFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9A3E44A3-A5AA-4C37-8BE1-6471E550AE63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C2FEF9B-CB73-4733-B590-E13B7A609C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C84B8D8E-5C48-4F59-91DC-138B4141F94A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{185B1408-9A6B-4AC5-B5F8-A5A3CCE2FC42}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B35BDCB-1F96-4D6E-9FCE-DF2D309DE198}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4110ABA3-7A4D-490D-9AB3-8E122FC5922C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{464A8D48-3C62-43B4-8A01-2933E52D3059}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB2E723D-E2A2-44F4-9A62-C0901324653A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FEAB22A1-2FE8-448F-B4D2-B74BDCB1DE7E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{22D655E9-6515-4FD7-9FA6-231B2960D9C9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BE67BC51-5B57-437B-B231-BA8C252DD6C5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

15-07-2022 21:49:03 Naplánovaný kontrolní bod
25-07-2022 09:26:26 Naplánovaný kontrolní bod
25-07-2022 17:29:41 Installed Intel(R) Wireless Bluetooth(R)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/26/2022 05:39:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2790

Čas spuštění: 01d8a047e6d73eff

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 93e0a984-faee-4c0c-b668-7aaf1ee036d8

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Quiesce

Error: (07/26/2022 02:21:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HiddenCityUWP.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: ef8

Čas spuštění: 01d8a0ea006d866f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6\HiddenCityUWP.exe

ID hlášení: a2e11568-ac58-4f28-95c8-91179bb979da

Úplný název balíčku s chybou: 828B5831.HiddenCityMysteryofShadows_1.49.4900.0_x86__ytsefhwckbdv6

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Cross-thread

Error: (07/26/2022 02:18:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.822.6271.0, časové razítko: 0x62b9e0ef
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1826, časové razítko: 0x299341e8
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000010fb62
ID chybujícího procesu: 0x1664
Čas spuštění chybující aplikace: 0x01d8a0e9b7b7176b
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 5da822e7-d4ba-409b-9b52-34123f375f42
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (07/25/2022 06:04:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WWAHost.exe verze 10.0.19041.789 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2030

Čas spuštění: 01d8a03fc605055f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\WWAHost.exe

ID hlášení: 90fbf380-bec0-4ce7-bf70-28a45ec0daee

Úplný název balíčku s chybou: Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (07/24/2022 09:17:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 334c

Čas spuštění: 01d89dcd861adcef

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 39d1052e-0fd8-4017-9479-8eddd9bd2a21

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Quiesce

Error: (07/23/2022 01:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.822.6271.0, časové razítko: 0x62b9e0ef
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1826, časové razítko: 0x299341e8
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000010fb62
ID chybujícího procesu: 0x1a68
Čas spuštění chybující aplikace: 0x01d89e84a365661b
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: bb122b6b-f5a1-44a6-93d6-5ebb23c4cc51
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (07/23/2022 01:08:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Solitaire.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3214

Čas spuštění: 01d89da36e46314a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe\Solitaire.exe

ID hlášení: 40db5ad1-370e-45d2-a9d5-50b773fa1fc9

Úplný název balíčku s chybou: Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (07/22/2022 09:07:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Seagate Backup Plus Drive (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (07/26/2022 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Conexant SmartAudio service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Elan Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Conexant UIU Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel Bluetooth Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Conexant Audio Message Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/26/2022 09:04:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) HD Graphics Control Panel Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (07/25/2022 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {B91D5831-B1BD-4608-8198-D72E155020F7} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-08-01 19:00:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BF802CFF-3DC1-47DD-9832-C66CD50444EE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-30 19:41:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5F859083-50C7-43E7-A80B-A87B59D04B93}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-29 19:40:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F664EA66-4628-4B62-9C3C-12648E109614}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-28 23:17:55
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A862A88-5B48-4DBF-9724-A8C30F363D48}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-27 19:40:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3356D95A-7BB1-4E30-A6F2-6108C48DF795}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-07-26 18:59:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-07-26 12:38:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO B0CN72WW 01/27/2015
Motherboard: LENOVO Lenovo G50-80
Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 77%
Total physical RAM: 4016.45 MB
Available physical RAM: 920.7 MB
Total Virtual: 10160.45 MB
Available Virtual: 5250.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.03 GB) (Free:347.08 GB) (Model: HGST HTS541075A9E680) NTFS
Drive d: (Seagate Backup Plus Drive) (Fixed) (Total:9313.87 GB) (Free:2107.75 GB) (Model: Seagate Backup+ Hub BK SCSI Disk Device) NTFS
Drive f: (Elements) (Fixed) (Total:2794.49 GB) (Free:1340.54 GB) (Model: WD Elements 25A2 USB Device) NTFS

\\?\Volume{2ee95c4e-a3f8-49ed-8b2f-6604bdb01ed3}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{fa9f589d-4880-4d85-b6cb-bbcc39917bc5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00A32510)

Partition: GPT.

==========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 2 (Size: 9314 GB) (Disk ID: 232B46A9)

Partition: GPT.

==================== End of Addition.txt =======================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Uninstall 22.131.0619.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\22.131.0619.0001" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0E6A892E-35C4-4AF8-9EE2-948687B19325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {A727AA52-291E-42E5-9E8B-6D6357FF84E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
C:\Windows\LastGood.Tmp
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Zasílám log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by Slávek (27-07-2022 16:17:30) Run:1
Running from C:\Users\Slávek\Desktop
Loaded Profiles: Slávek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-135731915-3674959227-2928559306-1001\...\RunOnce: [Uninstall 22.131.0619.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Slávek\AppData\Local\Microsoft\OneDrive\22.131.0619.0001" (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0E6A892E-35C4-4AF8-9EE2-948687B19325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
Task: {A727AA52-291E-42E5-9E8B-6D6357FF84E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-01-06] (Google Inc -> Google Inc.)
C:\Windows\LastGood.Tmp
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-135731915-3674959227-2928559306-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.131.0619.0001" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E6A892E-35C4-4AF8-9EE2-948687B19325}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E6A892E-35C4-4AF8-9EE2-948687B19325}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A727AA52-291E-42E5-9E8B-6D6357FF84E9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A727AA52-291E-42E5-9E8B-6D6357FF84E9}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\LastGood.Tmp => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 261313834 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 2741749 B
Edge => 12288 B
Chrome => 299008 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15546 B
NetworkService => 15546 B
Slávek => 225600160 B

RecycleBin => 1486716227 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:19:45 ====

Smazáno. Nastala nějaká změna?