PUADlManager:Win32/Seznam

Posted: 25 Nov 2022 21:05
by vlastas
Hello, Defender is telling me: Threats found "PUADlManager:Win32/Seznam". Please check the log. Thank you.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by vlast (25-11-2022 19:01:37)
Running from C:\Users\vlast\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2311 (X64) (2021-07-05 06:31:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4132436051-199185681-1240583427-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132436051-199185681-1240583427-503 - Limited - Disabled)
Guest (S-1-5-21-4132436051-199185681-1240583427-501 - Limited - Disabled) => C:\Users\Guest
vlast (S-1-5-21-4132436051-199185681-1240583427-1001 - Administrator - Enabled) => C:\Users\vlast
WDAGUtilityAccount (S-1-5-21-4132436051-199185681-1240583427-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.1.1.1837 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
EncSpot Pro 2.1 beta 1 (HKLM-x32\...\EncSpot Professional_is1) (Version: - GuerillaSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.108 - Google LLC)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
Intel(R) Computing Improvement Program (HKLM\...\{D17293BC-1678-4281-B94E-DBCF66AE7611}) (Version: 2.4.08919 - Intel Corporation)
Intel(R) SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
MediaInfo 21.09 (HKLM\...\MediaInfo) (Version: 21.09 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft Office Professional 2019 - cs-cz (HKLM\...\Professional2019Retail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mp3tag v3.18 (HKLM\...\Mp3tag) (Version: 3.18 - Florian Heidenreich)
MSVCRT Redists (HKLM\...\{E83D6FA1-B27C-11E9-B0DB-A5146957F833}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
TotalCMD by Marek410 (HKLM-x32\...\TotalCMD by Marek410) (Version: - )
VEGAS Pro 17.0 (HKLM\...\{E649B5F0-B27C-11E9-B856-A5146957F833}) (Version: 17.0.284 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Zoner Photo Studio X CS (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\ZPS X) (Version: 19.2209.2.409 - ZONER a.s.)
ZPS 19 CZ (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\{E83AA227-7862-F115-2E87-46DCA9E3D879}) (Version: v.19.2004.2.262 - 18.08.2020 - libbi)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-09] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-11] (Microsoft Corporation)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.83.53132.0_x64__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11010.438.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.3.1.0_x64__crhqpqs3x1ygc [2022-11-18] (PicsArt Inc.)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2022-11-21] (Bytedance Pte. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54e4c98ff3d2e220\Bitwarden – Bezplatný správce hesel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nngceckbapebfimnlniiiahkandclblb
ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2021-07-05 09:03 - 2021-07-05 09:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2021-07-05 09:03 - 2021-07-05 09:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2021-09-09 20:19 - 2018-03-24 00:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2021-09-09 20:19 - 2018-03-24 00:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2022-05-05 16:44 - 2022-05-05 16:44 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-08-14 08:56 - 000000857 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vlast\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
HKU\S-1-5-21-4132436051-199185681-1240583427-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_F993743CA8AD919610DC032EB5C17547"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AAF00C42-05DF-4E93-8F5B-D88BC09AC0F0}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{13E3E7C3-5A53-4205-80EB-6572D8BE3A33}] => (Allow) LPort=5357
FirewallRules: [{6C862557-ACE6-4245-8886-E23A04A90789}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F39A30DB-9133-4D50-8140-07300CCEEC46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51BB713F-40A7-4C90-84FE-8B1644CFA4FF}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{C8A7308C-A92F-4495-A709-87883757C288}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{FE9000FC-C50B-4953-8F68-F35411A8FF36}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{4D62946D-2931-4FD6-B616-86C17C5C75B1}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{B195AEFB-9868-4DEE-9DD3-F9592FB37DD0}] => (Allow) C:\Users\vlast\AppData\Local\Temp\7zS62EB\HP.EasyStart.exe => No File
FirewallRules: [TCP Query User{C7DC3151-3BE8-4EE9-80BA-EB4D2BACA34C}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{4FB08075-5759-47D0-9381-386064107736}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{A1A73A92-2EA7-4CF0-A695-B9918312E9E4}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3877FC35-0F3D-4245-A24C-944E0C4109A9}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [TCP Query User{936F4FD6-CF56-4200-9804-8660B3762FC4}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{436BBB6F-2A4E-4DA0-AAC9-373D7EA460BF}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{FC0DC141-E686-4EB8-AFD0-B988A1A6415E}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{42A281F3-E661-4D77-9AAF-DA78E683C843}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{D2C236B5-52E5-40E1-80F5-017CA5EC004F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{45A2A6C8-DB5A-429D-BEDF-BB71F98BBACE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{17A0ED35-D6BF-4645-83E8-699D35AB0F92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BC880B1-4F5F-49D0-9809-7B3BE8AC7A3C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E5B12A6-80D1-4B0A-AFFB-20F2FAD2ACCA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C417A53C-C351-4D3D-B1F2-11C66CCD1EC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D791F00E-33B9-4450-878A-0B7D448058A0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21133BEE-6304-4EEF-9403-9CE183D06A6E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-11-2022 13:57:30 Instalační služba modulů systému Windows
24-11-2022 15:27:25 Removed Kontrola stavu osobního počítače s Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2022 03:24:23 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MOJEPC)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (11/24/2022 12:25:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/24/2022 12:25:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/23/2022 02:39:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/21/2022 12:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Zps.exe, verze: 19.2004.2.262, časové razítko: 0x5f3bc9ca
Název chybujícího modulu: mfc140u.dll, verze: 14.25.28508.3, časové razítko: 0x5e155774
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000002935e4
ID chybujícího procesu: 0x1a28
Čas spuštění chybující aplikace: 0x01d8fd904d788f44
Cesta k chybující aplikaci: C:\Program Files\ZPS 19 CZ\Program64\Zps.exe
Cesta k chybujícímu modulu: C:\Program Files\ZPS 19 CZ\Program64\mfc140u.dll
ID zprávy: 21962bc3-8297-417a-beea-fc08fd9008c2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/21/2022 12:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Zps.exe, verze: 19.2004.2.262, časové razítko: 0x5f3bc9ca
Název chybujícího modulu: mfc140u.dll, verze: 14.25.28508.3, časové razítko: 0x5e155774
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000002935e4
ID chybujícího procesu: 0x1a28
Čas spuštění chybující aplikace: 0x01d8fd904d788f44
Cesta k chybující aplikaci: C:\Program Files\ZPS 19 CZ\Program64\Zps.exe
Cesta k chybujícímu modulu: C:\Program Files\ZPS 19 CZ\Program64\mfc140u.dll
ID zprávy: 103f4e10-0312-4a7a-93d4-d49857bcc1da
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/18/2022 02:42:39 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MOJEPC)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (11/16/2022 01:27:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (11/25/2022 03:17:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/25/2022 01:26:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/24/2022 12:36:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (11/22/2022 12:47:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (11/21/2022 09:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/18/2022 02:34:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/11/2022 03:21:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/11/2022 03:21:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.


Windows Defender:
================
Date: 2022-11-24 14:39:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EC02EAB9-138D-466E-B23A-EACCB846F254}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-23 14:39:44
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {672E9F40-A112-44E4-BE46-39D81AF8E01C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-21 13:21:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4E795A8-2F2C-4085-BC0A-17A8FDE37078}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-21 11:59:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {08215218-6C35-4EED-920C-AEE05A5D0102}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-18 10:35:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AE71CF18-3453-4BEB-9AA7-CA18A908796C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-11-21 11:56:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-06 09:54:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-03 19:14:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-22 11:58:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-11 11:45:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-09 07:57:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. FD 02/21/2012
Motherboard: Gigabyte Technology Co., Ltd. P67A-D3-B3
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8175.11 MB
Available physical RAM: 4489.53 MB
Total Virtual: 9455.11 MB
Available Virtual: 5248.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.44 GB) (Free:95.95 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS
Drive d: (Data) (Fixed) (Total:785.03 GB) (Free:588.9 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS

\\?\Volume{2bf59d76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
\\?\Volume{2bf59d76-0000-0000-0000-a07e24000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BF59D76)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=145.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=518 MB) - (Type=27)
Partition 4: (Not Active) - (Size=785 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by vlast (administrator) on MOJEPC (Gigabyte Technology Co., Ltd. P67A-D3-B3) (25-11-2022 18:58:52)
Running from C:\Users\vlast\Desktop
Loaded Profiles: vlast
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2311 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.43112.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.214.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.22031.10091.0_x64__8wekyb3d8bbwe\Music.UI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\Run: [MicrosoftEdgeAutoLaunch_F993743CA8AD919610DC032EB5C17547] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892168 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4132436051-199185681-1240583427-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3540 series): C:\Windows\system32\HPDiscoPMC711.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.108\Installer\chrmstp.exe [2022-11-24] (Google LLC -> Google LLC)
Startup: C:\Users\vlast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3540 series.lnk [2021-08-17]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3540 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN57V3311605X5;CONNECTION=USB;MONITOR=1;
Startup: C:\Users\vlast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3540 series.lnk [2022-11-25]
ShortcutAndArgument: Sledovat výstrahy inkoustu - HP Deskjet 3540 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN57V3311605X5;CONNECTION=USB;MONITOR=1;

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B112892-D5DA-41F7-B9D8-8CA91E58AAA1} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {1E1E6BBF-2522-4F5E-A0E0-6C102AE3104A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {37D9DEDC-DF4D-4D3F-9589-BA0EB1C0E570} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {4451607F-4614-4FE7-A9F5-DDB055EB709E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {528001AE-6270-495E-9642-2059DAF7C502} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {7C40AC33-65B8-4695-99EB-AD7BD10CB2A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {89CEAD06-F6A1-4DCE-AFF9-09A12DE91E92} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {93D2D01C-7C07-4C09-97B1-07A6503B9324} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {941FB3F9-8CC2-4F96-A09A-C54F7FF427EF} - System32\Tasks\Zoner.Updater.S-1-5-21-4132436051-199185681-1240583427-1001 => C:\ProgramData\Zoner\Zoner.Installer.Core\Updater.exe [1609008 2022-11-22] (ZONER software, a.s. -> ZONER a.s.)
Task: {9C8099D7-473E-4CE6-ACD1-6D0E475D1C4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1D57D89-D5CE-421D-A5ED-0F947D65A5FC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {AFC6E67F-29C3-488C-BE7E-DB19872DE057} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E124F345-BF68-41D1-A6BB-E2BFB257D743} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114600 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {F333160E-E16A-46E0-88A4-0E4FC7AECAC2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {F415667D-8EE3-400B-9D33-D892F32F6EB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5FF8D59-6425-4C73-8C26-FFAA4EBF188F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{955e1025-6fd1-4f01-9a2a-971fe32b1de0}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\vlast\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-11-02]
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4 [2022-11-25]
CHR Notifications: Profile 4 -> hxxps://calendar.google.com; hxxps://www.pcworld.cz
CHR StartupUrls: Profile 4 -> "hxxp://www.google.com/"
CHR Extension: (Překladač Google) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-09-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-11-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-22]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-11-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-11]
CHR Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nngceckbapebfimnlniiiahkandclblb [2022-10-20]
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\System Profile [2022-10-27]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49616 2022-11-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [469288 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-25 18:58 - 2022-11-25 19:00 - 000014516 _____ C:\Users\vlast\Desktop\FRST.txt
2022-11-25 18:57 - 2022-11-25 18:59 - 000000000 ____D C:\FRST
2022-11-25 18:55 - 2022-11-25 18:55 - 002375680 _____ (Farbar) C:\Users\vlast\Desktop\FRST64.exe
2022-11-25 15:27 - 2022-11-25 15:27 - 000000000 ____D C:\AdwCleaner
2022-11-25 15:26 - 2022-11-25 15:26 - 008791352 _____ (Malwarebytes) C:\Users\vlast\Desktop\adwcleaner.exe
2022-11-25 15:17 - 2022-11-25 15:17 - 000001425 _____ C:\Windows\system32\default_error_stack-000030-000000.txt
2022-11-24 14:23 - 2022-11-24 14:23 - 000002378 _____ C:\Users\vlast\Downloads\IMG_20190808_145344.jpg.data-zps
2022-11-23 13:27 - 2022-11-24 21:39 - 000000000 ____D C:\Users\vlast\Downloads\Nová složka
2022-11-22 14:23 - 2022-11-22 14:23 - 000003778 _____ C:\Windows\system32\Tasks\Zoner.Updater.S-1-5-21-4132436051-199185681-1240583427-1001
2022-11-22 14:23 - 2022-11-22 14:23 - 000001595 _____ C:\Users\vlast\AppData\Roaming\Microsoft\Windows\Start Menu\Zoner Photo Studio X.lnk
2022-11-22 14:23 - 2022-11-22 14:23 - 000001593 _____ C:\Users\vlast\Desktop\Zoner Photo Studio X.lnk
2022-11-18 14:34 - 2022-11-18 14:34 - 000001425 _____ C:\Windows\system32\default_error_stack-000029-000000.txt
2022-11-18 14:23 - 2022-11-18 14:23 - 000012261 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-11-18 14:22 - 2022-11-18 14:22 - 000297472 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-11-18 13:58 - 2022-11-18 13:58 - 000000000 ___HD C:\$WinREAgent
2022-11-17 15:45 - 2022-11-18 14:03 - 000000000 ____D C:\Users\vlast\Desktop\šedý
2022-11-13 11:30 - 2022-11-13 11:30 - 000001208 _____ C:\Users\vlast\Desktop\6-DOPISŮ-interpunkčním-znaménkům.pdf – zástupce.lnk
2022-11-13 11:30 - 2022-11-13 11:30 - 000001066 _____ C:\Users\vlast\Desktop\Poznámky.docx – zástupce.lnk
2022-11-11 15:21 - 2022-11-11 15:21 - 000001425 _____ C:\Windows\system32\default_error_stack-000028-000000.txt
2022-11-07 12:41 - 2022-11-07 12:41 - 000000000 ____D C:\Users\vlast\Desktop\mapy
2022-11-02 21:20 - 2022-11-02 21:20 - 000001425 _____ C:\Windows\system32\default_error_stack-000027-000000.txt
2022-11-02 20:36 - 2022-11-02 20:36 - 000688128 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-11-02 20:36 - 2022-11-02 20:36 - 000073216 _____ C:\Windows\system32\nettraceex.dll
2022-10-29 19:44 - 2022-10-29 19:44 - 000001434 _____ C:\Windows\system32\default_error_stack-000026-000000.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-25 19:00 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-25 18:46 - 2021-07-05 08:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-25 18:46 - 2021-07-05 07:54 - 000000000 ___RD C:\Users\vlast\OneDrive
2022-11-25 15:35 - 2021-07-05 07:37 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-25 15:24 - 2021-07-05 07:36 - 001605666 _____ C:\Windows\system32\PerfStringBackup.INI
2022-11-25 15:24 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2022-11-25 15:24 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2022-11-25 15:24 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-11-25 15:19 - 2021-07-05 07:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-11-25 15:19 - 2021-07-05 07:23 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-25 15:18 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-11-25 13:43 - 2021-07-05 08:25 - 000000000 ____D C:\Users\vlast\AppData\Local\D3DSCache
2022-11-25 12:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-11-24 19:23 - 2021-07-05 08:16 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-24 19:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-24 15:28 - 2021-07-05 07:52 - 000000000 ____D C:\Users\vlast\AppData\Local\Packages
2022-11-24 12:36 - 2021-07-05 07:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-11-23 13:26 - 2021-07-05 07:25 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-22 14:22 - 2021-07-05 11:16 - 000000000 ____D C:\ProgramData\Zoner
2022-11-21 22:00 - 2021-07-05 07:37 - 000000000 ____D C:\Users\vlast
2022-11-21 14:41 - 2022-08-14 08:59 - 000000000 ____D C:\Users\vlast\AppData\Roaming\Zoner
2022-11-21 14:41 - 2022-08-14 08:59 - 000000000 ____D C:\Users\vlast\AppData\Local\Zoner
2022-11-21 12:54 - 2021-07-05 17:50 - 000000000 ____D C:\Users\vlast\AppData\Local\CrashDumps
2022-11-21 11:56 - 2021-07-05 07:54 - 000000000 ____D C:\Users\vlast\AppData\Local\PlaceholderTileLogoFolder
2022-11-21 11:33 - 2022-09-11 13:37 - 000000000 ____D C:\Users\vlast\Desktop\foto 22 menší rozlišení
2022-11-18 20:45 - 2022-09-10 20:41 - 000000000 ____D C:\Users\vlast\AppData\Roaming\com.adobe.dunamis
2022-11-18 14:55 - 2022-10-14 09:52 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-11-18 14:55 - 2021-07-05 21:09 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-11-18 14:36 - 2021-07-05 07:23 - 000438944 _____ C:\Windows\system32\FNTCACHE.DAT
2022-11-18 14:33 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemApps
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2022-11-18 14:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-11-18 14:30 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-11-18 14:22 - 2021-07-05 07:26 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-11-17 20:51 - 2021-08-10 19:16 - 000000000 ____D C:\Users\vlast\AppData\Roaming\vlc
2022-11-17 20:43 - 2021-12-12 19:07 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4132436051-199185681-1240583427-1001
2022-11-17 20:43 - 2021-07-05 07:54 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4132436051-199185681-1240583427-1001
2022-11-17 20:43 - 2021-07-05 07:37 - 000002413 _____ C:\Users\vlast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-16 11:51 - 2021-07-05 09:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-11-11 13:06 - 2021-07-05 07:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-11-11 11:17 - 2021-07-05 11:49 - 000000000 ____D C:\Windows\system32\MRT
2022-11-11 11:12 - 2021-07-05 11:49 - 146960040 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-11-09 13:39 - 2021-07-07 11:04 - 000000000 ____D C:\Users\vlast\OneDrive\Dokumenty\Vlastní šablony Office
2022-11-07 20:36 - 2021-07-05 07:24 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-07 20:36 - 2021-07-05 07:24 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-06 09:55 - 2021-09-08 10:13 - 000000000 ____D C:\Users\vlast\AppData\Local\ElevatedDiagnostics
2022-11-06 08:55 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-11-06 08:55 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\SysWOW64\winrm
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\SysWOW64\WCN
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\system32\winrm
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\system32\WCN
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\system32\slmgr
2022-11-06 08:55 - 2019-12-07 15:43 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-11-06 08:55 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-11-06 08:55 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2022-11-06 08:46 - 2019-12-07 15:45 - 000000000 ____D C:\Windows\OCR
2022-11-02 21:19 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2022-11-02 19:41 - 2022-01-04 13:15 - 000000438 _____ C:\Users\vlast\Desktop\Sledování TV.url
2022-11-01 13:40 - 2022-02-07 21:05 - 000000000 ____D C:\Users\vlast\Desktop\PříNaBydlení
2022-10-31 10:30 - 2022-04-13 20:07 - 000000000 ____D C:\Users\vlast\Desktop\NN International
2022-10-30 11:38 - 2021-07-05 11:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-30 10:35 - 2021-11-28 15:08 - 000000000 ____D C:\Users\vlast\AppData\Roaming\audacity
2022-10-29 20:43 - 2022-10-21 19:41 - 000001124 _____ C:\Users\vlast\Desktop\mp3DirectCut.lnk
2022-10-27 21:57 - 2022-10-04 10:14 - 000000000 ____D C:\Users\vlast\AppData\Roaming\Mp3tag
2022-10-27 08:09 - 2022-10-21 12:40 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: PUADlManager:Win32/Seznam

Posted: 25 Nov 2022 21:52
by Rudy
Hello!
You posted only the FRST log. The Addition log belongs with it as well. First, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasim)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako spravce); on Win XP just start it with a normal double-click
click Skenovat nyni (Scan now), then Cisteni a opravy (Clean and Repair)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: PUADlManager:Win32/Seznam

Posted: 25 Nov 2022 22:05
by vlastas
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by vlast (25-11-2022 19:01:37)
Running from C:\Users\vlast\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2311 (X64) (2021-07-05 06:31:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4132436051-199185681-1240583427-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132436051-199185681-1240583427-503 - Limited - Disabled)
Guest (S-1-5-21-4132436051-199185681-1240583427-501 - Limited - Disabled) => C:\Users\Guest
vlast (S-1-5-21-4132436051-199185681-1240583427-1001 - Administrator - Enabled) => C:\Users\vlast
WDAGUtilityAccount (S-1-5-21-4132436051-199185681-1240583427-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.1.1.1837 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
EncSpot Pro 2.1 beta 1 (HKLM-x32\...\EncSpot Professional_is1) (Version: - GuerillaSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.108 - Google LLC)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
Intel(R) Computing Improvement Program (HKLM\...\{D17293BC-1678-4281-B94E-DBCF66AE7611}) (Version: 2.4.08919 - Intel Corporation)
Intel(R) SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
MediaInfo 21.09 (HKLM\...\MediaInfo) (Version: 21.09 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.56 - Microsoft Corporation)
Microsoft Office Professional 2019 - cs-cz (HKLM\...\Professional2019Retail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mp3tag v3.18 (HKLM\...\Mp3tag) (Version: 3.18 - Florian Heidenreich)
MSVCRT Redists (HKLM\...\{E83D6FA1-B27C-11E9-B0DB-A5146957F833}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
TotalCMD by Marek410 (HKLM-x32\...\TotalCMD by Marek410) (Version: - )
VEGAS Pro 17.0 (HKLM\...\{E649B5F0-B27C-11E9-B856-A5146957F833}) (Version: 17.0.284 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Zoner Photo Studio X CS (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\ZPS X) (Version: 19.2209.2.409 - ZONER a.s.)
ZPS 19 CZ (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\{E83AA227-7862-F115-2E87-46DCA9E3D879}) (Version: v.19.2004.2.262 - 18.08.2020 - libbi)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-09] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-11] (Microsoft Corporation)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.83.53132.0_x64__8wekyb3d8bbwe [2022-11-18] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11010.438.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.3.1.0_x64__crhqpqs3x1ygc [2022-11-18] (PicsArt Inc.)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2022-11-21] (Bytedance Pte. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54e4c98ff3d2e220\Bitwarden – Bezplatný správce hesel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nngceckbapebfimnlniiiahkandclblb
ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2021-07-05 09:03 - 2021-07-05 09:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2021-07-05 09:03 - 2021-07-05 09:03 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2021-09-09 20:19 - 2018-03-24 00:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2021-09-09 20:19 - 2018-03-24 00:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2022-05-05 16:44 - 2022-05-05 16:44 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-08-14 08:56 - 000000857 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vlast\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
HKU\S-1-5-21-4132436051-199185681-1240583427-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_F993743CA8AD919610DC032EB5C17547"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AAF00C42-05DF-4E93-8F5B-D88BC09AC0F0}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{13E3E7C3-5A53-4205-80EB-6572D8BE3A33}] => (Allow) LPort=5357
FirewallRules: [{6C862557-ACE6-4245-8886-E23A04A90789}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F39A30DB-9133-4D50-8140-07300CCEEC46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51BB713F-40A7-4C90-84FE-8B1644CFA4FF}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{C8A7308C-A92F-4495-A709-87883757C288}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{FE9000FC-C50B-4953-8F68-F35411A8FF36}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{4D62946D-2931-4FD6-B616-86C17C5C75B1}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{B195AEFB-9868-4DEE-9DD3-F9592FB37DD0}] => (Allow) C:\Users\vlast\AppData\Local\Temp\7zS62EB\HP.EasyStart.exe => No File
FirewallRules: [TCP Query User{C7DC3151-3BE8-4EE9-80BA-EB4D2BACA34C}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{4FB08075-5759-47D0-9381-386064107736}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{A1A73A92-2EA7-4CF0-A695-B9918312E9E4}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3877FC35-0F3D-4245-A24C-944E0C4109A9}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [TCP Query User{936F4FD6-CF56-4200-9804-8660B3762FC4}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{436BBB6F-2A4E-4DA0-AAC9-373D7EA460BF}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{FC0DC141-E686-4EB8-AFD0-B988A1A6415E}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{42A281F3-E661-4D77-9AAF-DA78E683C843}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{D2C236B5-52E5-40E1-80F5-017CA5EC004F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{45A2A6C8-DB5A-429D-BEDF-BB71F98BBACE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{17A0ED35-D6BF-4645-83E8-699D35AB0F92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BC880B1-4F5F-49D0-9809-7B3BE8AC7A3C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E5B12A6-80D1-4B0A-AFFB-20F2FAD2ACCA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C417A53C-C351-4D3D-B1F2-11C66CCD1EC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D791F00E-33B9-4450-878A-0B7D448058A0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21133BEE-6304-4EEF-9403-9CE183D06A6E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-11-2022 13:57:30 Instalační služba modulů systému Windows
24-11-2022 15:27:25 Removed Kontrola stavu osobního počítače s Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2022 03:24:23 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MOJEPC)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (11/24/2022 12:25:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/24/2022 12:25:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/23/2022 02:39:56 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/21/2022 12:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Zps.exe, verze: 19.2004.2.262, časové razítko: 0x5f3bc9ca
Název chybujícího modulu: mfc140u.dll, verze: 14.25.28508.3, časové razítko: 0x5e155774
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000002935e4
ID chybujícího procesu: 0x1a28
Čas spuštění chybující aplikace: 0x01d8fd904d788f44
Cesta k chybující aplikaci: C:\Program Files\ZPS 19 CZ\Program64\Zps.exe
Cesta k chybujícímu modulu: C:\Program Files\ZPS 19 CZ\Program64\mfc140u.dll
ID zprávy: 21962bc3-8297-417a-beea-fc08fd9008c2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/21/2022 12:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Zps.exe, verze: 19.2004.2.262, časové razítko: 0x5f3bc9ca
Název chybujícího modulu: mfc140u.dll, verze: 14.25.28508.3, časové razítko: 0x5e155774
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000002935e4
ID chybujícího procesu: 0x1a28
Čas spuštění chybující aplikace: 0x01d8fd904d788f44
Cesta k chybující aplikaci: C:\Program Files\ZPS 19 CZ\Program64\Zps.exe
Cesta k chybujícímu modulu: C:\Program Files\ZPS 19 CZ\Program64\mfc140u.dll
ID zprávy: 103f4e10-0312-4a7a-93d4-d49857bcc1da
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/18/2022 02:42:39 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MOJEPC)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (11/16/2022 01:27:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (11/25/2022 03:17:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/25/2022 01:26:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (11/24/2022 12:36:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (11/22/2022 12:47:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (11/21/2022 09:54:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/18/2022 02:34:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/11/2022 03:21:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
{Nahrazení identifikátoru GUID}
Během převodu globálního identifikátoru (GUID) na ID zabezpečení Windows (SID) nebyla nalezena žádná správcem definovaná předpona GUID.
Byla použita náhradní předpona, která nepoškodí zabezpečení systému. Může tím ale dojít k většímu omezení přístupu, než bylo zamýšleno.

Error: (11/11/2022 03:21:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.


Windows Defender:
================
Date: 2022-11-24 14:39:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EC02EAB9-138D-466E-B23A-EACCB846F254}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-23 14:39:44
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {672E9F40-A112-44E4-BE46-39D81AF8E01C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-21 13:21:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4E795A8-2F2C-4085-BC0A-17A8FDE37078}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-21 11:59:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {08215218-6C35-4EED-920C-AEE05A5D0102}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-18 10:35:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AE71CF18-3453-4BEB-9AA7-CA18A908796C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-11-21 11:56:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-06 09:54:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-03 19:14:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-22 11:58:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-11 11:45:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-10-09 07:57:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. FD 02/21/2012
Motherboard: Gigabyte Technology Co., Ltd. P67A-D3-B3
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 8175.11 MB
Available physical RAM: 4489.53 MB
Total Virtual: 9455.11 MB
Available Virtual: 5248.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.44 GB) (Free:95.95 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS
Drive d: (Data) (Fixed) (Total:785.03 GB) (Free:588.9 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS

\\?\Volume{2bf59d76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
\\?\Volume{2bf59d76-0000-0000-0000-a07e24000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BF59D76)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=145.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=518 MB) - (Type=27)
Partition 4: (Not Active) - (Size=785 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-25-2022
# Duration: 00:00:08
# OS: Windows 10 (Build 19045.2311)
# Scanned: 32088
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: PUADlManager:Win32/Seznam

Posted: 26 Nov 2022 11:29
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
FirewallRules: [{B195AEFB-9868-4DEE-9DD3-F9592FB37DD0}] => (Allow) C:\Users\vlast\AppData\Local\Temp\7zS62EB\HP.EasyStart.exe => No File
Task: {A1D57D89-D5CE-421D-A5ED-0F947D65A5FC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {F5FF8D59-6425-4C73-8C26-FFAA4EBF188F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {528001AE-6270-495E-9642-2059DAF7C502} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
C:\DumpStack.log.tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: PUADlManager:Win32/Seznam

Posted: 26 Nov 2022 12:10
by vlastas
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by vlast (26-11-2022 11:54:34) Run:1
Running from C:\Users\vlast\Desktop
Loaded Profiles: vlast & Guest
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FirewallRules: [{B195AEFB-9868-4DEE-9DD3-F9592FB37DD0}] => (Allow) C:\Users\vlast\AppData\Local\Temp\7zS62EB\HP.EasyStart.exe => No File
Task: {A1D57D89-D5CE-421D-A5ED-0F947D65A5FC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {F5FF8D59-6425-4C73-8C26-FFAA4EBF188F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {528001AE-6270-495E-9642-2059DAF7C502} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B195AEFB-9868-4DEE-9DD3-F9592FB37DD0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1D57D89-D5CE-421D-A5ED-0F947D65A5FC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1D57D89-D5CE-421D-A5ED-0F947D65A5FC}" => removed successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5FF8D59-6425-4C73-8C26-FFAA4EBF188F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5FF8D59-6425-4C73-8C26-FFAA4EBF188F}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{528001AE-6270-495E-9642-2059DAF7C502}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{528001AE-6270-495E-9642-2059DAF7C502}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49888407 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 17895354 B
Edge => 0 B
Chrome => 746910534 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 38856 B
NetworkService => 5499826 B
vlast => 166174707 B
Guest => 166371494 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-11-2022 12:00:57)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 12:00:57 ====

Re: PUADlManager:Win32/Seznam

Posted: 26 Nov 2022 12:43
by Rudy
Deleted. Has anything changed?

Re: PUADlManager:Win32/Seznam

Posted: 26 Nov 2022 13:05
by vlastas
The warning is still there.
PUADIManger.jpg (27.76 KiB) Viewed 792 times
I can either quarantine it or remove it. Thank you for your effort.

Re: PUADlManager:Win32/Seznam

Posted: 26 Nov 2022 15:40
by Rudy
OK. What happens when you tick and confirm Remove, or Quarantine?