Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 24 Oct 2023 09:23
by jirka2013
Hello,
when I open Chrome, windows pop up with spam and a link to ru sites.
Below is the log from FRST.

Thank you for your help,
J.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by adaby (administrator) on LAPTOP-RA2OT22C (HP HP Laptop 15s-eq1xxx) (24-10-2023 10:15:51)
Running from C:\Users\adaby\Downloads\FRST64.exe
Loaded Profiles: adaby
Platform: Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointGpuInfo.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\BridgeCommunication.exe <3>
(DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atieclxx.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.39.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_dd4cb97d217df0bc\RtkAudUService64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <33>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe
(services.exe ->) (JBL) [File not signed] C:\Program Files\JBL\QuantumENGINE\QuantumService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(sihost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee, LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6\HP.JumpStarts.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\adaby\AppData\Local\Microsoft\OneDrive\23.209.1008.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_0c755fff65745edd\RtkAudUService64.exe [1923384 2023-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [255896 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [538160 2023-10-01] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\adaby\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-10-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Run: [MicrosoftEdgeAutoLaunch_CE2DEBDBE6E6B6A71C4C548BB63EEA28] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [538160 2023-10-01] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\118.0.5993.89\Installer\chrmstp.exe [2023-10-20] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {BDBA97A7-BFC3-44A2-AF9B-15834DD8612D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {865FD787-2EF1-4A3D-8B14-8FB03C903046} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5135256 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
Task: {FCE8F0E0-AE2D-4736-8112-1A987E0D24CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-23] (Avast Software s.r.o. -> Avast Software)
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {415F086C-CCD1-4056-BAF7-8E7659BF4C1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2023-09-15] (HP Inc. -> HP Inc.)
Task: {F78FF70E-17B7-4C9C-863C-BFA125E1014F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-09-15] (HP Inc. -> HP Inc.)
Task: {99A4DF0D-48EB-4DA6-81AF-E427ECB55707} - System32\Tasks\HP\Consent Manager Launcher => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {BF28CF03-286B-45E4-BC53-BD9BFDCEF1B3} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {511FC79E-0A7F-418F-BB69-7C91CB95DBBD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B8FB049-08DC-4E80-8FBE-7046A74A5C26} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26977976 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5BC47B5A-F3B5-49EE-B479-56F4BB41F4DC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6A99F5-DF7E-4C35-A90D-1633C8B58654} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [160736 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFFD907C-416B-4812-AF9D-0330E6314905} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169136 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EAF50981-BC0C-47B5-9943-953BC02381EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [988256 2023-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {21AE26CF-E13B-4D61-AD1C-6A0F631E6DC2} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19a5b0f0-23f4-437d-8826-ab74a5f5f8f0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d8dd2612-eec9-4760-86e1-2d07ded42d71}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-24]
Edge Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\adaby\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-09]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-10-09] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default [2023-10-24]
CHR Notifications: Default -> hxxps://bankfs.ru; hxxps://www.eobuv.cz; hxxps://www.facebook.com
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-23]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-10-18]
CHR Notifications: Profile 1 -> hxxps://mail.google.com
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-19]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adaby\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-06]
CHR Profile: C:\Users\adaby\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9090968 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [776088 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2304920 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [796568 2023-10-09] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12860928 2023-10-07] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1261568 2023-10-11] (Microsoft Windows -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\AppHelperCap.exe [888272 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\DiagsCap.exe [886736 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\NetworkCap.exe [883152 2023-08-29] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f1a9bf9a59c52b11\x64\SysInfoCap.exe [886840 2023-08-29] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_43e3600968234e87\x64\TouchpointAnalyticsClientService.exe [497744 2023-08-02] (HP Inc. -> HP Inc.)
R2 QuantumService; C:\Program Files\JBL\QuantumENGINE\QuantumService.exe [1281536 2021-03-15] (JBL) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54776 2023-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0387389.inf_amd64_995be970e30b8c79\B385477\amdkmdag.sys [94633328 2023-01-11] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [127936 2019-07-02] (Alcorlink Corp. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31528 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [240176 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [392984 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297992 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [96064 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39760 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [275168 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [559696 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [950696 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [708048 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [213192 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319560 2023-10-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-11-28] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-11-28] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218464 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 HarmanAudioService; C:\WINDOWS\System32\drivers\HarmanFilter.sys [42192 2021-03-15] (Harman International Industries, Inc -> Harman International)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2022-05-07] (Microsoft Windows -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-24 10:15 - 2023-10-24 10:16 - 000024539 _____ C:\Users\adaby\Downloads\FRST.txt
2023-10-24 10:15 - 2023-10-24 10:16 - 000000000 ____D C:\FRST
2023-10-24 10:15 - 2023-10-24 10:15 - 002383360 _____ (Farbar) C:\Users\adaby\Downloads\FRST64.exe
2023-10-18 19:26 - 2023-10-18 19:26 - 003573760 _____ C:\Users\adaby\Downloads\Obyvatelstvo Evropy.ppt
2023-10-18 19:26 - 2023-10-18 19:26 - 003573760 _____ C:\Users\adaby\Downloads\Obyvatelstvo Evropy (1).ppt
2023-10-13 21:53 - 2023-10-13 21:53 - 004735160 _____ C:\Users\adaby\Downloads\letak_horackova_lamino.pdf
2023-10-13 11:40 - 2023-10-19 16:29 - 000002421 _____ C:\Users\adaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2023-10-12 18:19 - 2023-10-12 18:19 - 000726632 _____ C:\WINDOWS\system32\perfh005.dat
2023-10-12 18:19 - 2023-10-12 18:19 - 000160898 _____ C:\WINDOWS\system32\perfc005.dat
2023-10-12 16:24 - 2023-10-12 16:24 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2023-10-11 18:39 - 2023-10-11 18:39 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2023-10-11 18:38 - 2023-10-11 18:38 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2023-10-11 18:38 - 2023-10-11 18:38 - 000016239 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-11 18:31 - 2023-10-11 18:35 - 000000000 ___HD C:\$WinREAgent
2023-10-09 19:38 - 2023-10-09 19:38 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-10-04 20:26 - 2023-10-04 20:26 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-09-12 19:37 - 2023-09-12 19:37 - 001015808 _____ C:\Users\adaby\Downloads\2360-ekologie-ekosystem-prirozeny-a-umely.ppt
2023-09-05 17:32 - 2023-09-05 17:32 - 000019781 _____ C:\Users\adaby\Downloads\Seznam 0LA červen23 (1).xlsx
2023-09-03 20:15 - 2023-09-03 20:15 - 000012465 _____ C:\Users\adaby\Downloads\Rozvrh_HN_a_HS_Botevova_A12__šk._rok_2023-24_nástin.xlsx

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-24 10:14 - 2020-09-18 19:39 - 000000000 ____D C:\Users\adaby\AppData\Local\D3DSCache
2023-10-24 10:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-24 10:08 - 2020-09-18 19:47 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-24 09:30 - 2020-09-18 21:12 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Teams
2023-10-24 09:18 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-24 00:26 - 2022-11-28 23:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-23 16:46 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-10-23 15:42 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-23 15:42 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-22 17:28 - 2020-09-20 09:33 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\PowerPoint
2023-10-22 15:10 - 2020-09-18 21:05 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Word
2023-10-22 10:47 - 2022-11-29 00:08 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-22 10:47 - 2022-11-29 00:08 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-10-22 10:47 - 2022-11-29 00:08 - 000003410 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-10-22 10:47 - 2022-11-29 00:08 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-22 10:47 - 2022-11-29 00:08 - 000003186 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-10-22 10:47 - 2022-11-29 00:08 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-497818822-1726466583-137005623-1007
2023-10-22 10:47 - 2022-11-29 00:08 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-497818822-1726466583-137005623-1001
2023-10-22 10:47 - 2022-11-29 00:08 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-1007
2023-10-22 10:47 - 2022-11-29 00:08 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-1001
2023-10-22 10:47 - 2022-11-29 00:08 - 000002848 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-497818822-1726466583-137005623-500
2023-10-22 10:47 - 2022-11-29 00:08 - 000002766 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2023-10-22 10:47 - 2022-11-29 00:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-10-22 10:23 - 2020-10-05 18:42 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-21 13:22 - 2020-09-18 19:42 - 000000000 ___RD C:\Users\adaby\OneDrive
2023-10-20 21:15 - 2021-03-31 14:16 - 000002384 _____ C:\Users\adaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-20 21:03 - 2022-10-12 19:26 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-10-20 21:03 - 2020-09-18 19:35 - 000000000 ____D C:\Users\adaby\AppData\Local\Packages
2023-10-20 20:57 - 2020-09-18 19:48 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-17 17:23 - 2022-11-29 00:08 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-10-14 17:30 - 2020-01-13 15:01 - 000000000 ____D C:\Program Files\Microsoft Office
2023-10-13 21:48 - 2020-09-18 21:05 - 000000000 ____D C:\Users\adaby\AppData\Roaming\Microsoft\Excel
2023-10-13 21:39 - 2021-02-07 12:11 - 000000000 ____D C:\Users\adaby\AppData\Local\CrashDumps
2023-10-12 18:19 - 2022-11-29 00:09 - 001733372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-12 18:17 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-10-12 16:26 - 2020-12-09 22:30 - 000000000 ____D C:\ProgramData\Avast Software
2023-10-12 16:25 - 2022-11-29 00:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-12 16:25 - 2022-11-28 23:59 - 000589896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-12 16:25 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-10-12 16:25 - 2022-05-07 07:17 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2023-10-12 16:25 - 2021-03-31 14:15 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-12 16:24 - 2022-11-28 23:44 - 000000000 ____D C:\WINDOWS\HoloShell
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-12 16:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-11 18:44 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-11 18:39 - 2022-11-29 00:00 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-11 18:23 - 2020-09-18 20:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-11 18:17 - 2020-09-18 20:19 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-10 20:14 - 2020-04-10 21:54 - 000000000 ____D C:\ProgramData\Packages
2023-10-09 19:38 - 2023-02-16 03:47 - 000031528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-10-09 19:38 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-10-09 19:38 - 2020-12-09 22:32 - 000950696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000708048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000559696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000392984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000319560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000297992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000275168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000240176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000096064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000080416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-10-09 19:38 - 2020-12-09 22:32 - 000039760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-10-09 17:27 - 2020-09-19 10:26 - 000000000 ____D C:\Users\adaby\AppData\Local\HP
2023-10-09 17:26 - 2022-11-29 00:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard

==================== Files in the root of some directories ========

2020-11-03 19:59 - 2021-01-14 19:44 - 000000220 _____ () C:\Users\adaby\AppData\Roaming\debug.log

==================== SigCheckExt =========================

2020-10-06 10:09 - 2020-10-06 10:09 - 001300353 _____ C:\WINDOWS\unins000.exe
2020-10-06 10:11 - 2020-10-06 10:11 - 001447178 _____ (Igor Pavlov) C:\Users\adaby\Downloads\7z1900-x64.exe
2023-10-24 10:15 - 2023-10-24 10:15 - 002383360 _____ (Farbar) C:\Users\adaby\Downloads\FRST64.exe
2020-12-19 19:04 - 2020-12-19 19:04 - 004411156 _____ C:\Users\adaby\Downloads\VlcTorrentStreamerPlugin_3.0.8.exe
2022-08-01 13:12 - 2022-08-01 13:12 - 001575742 _____ (Igor Pavlov) C:\Users\astro\Downloads\7z2201-x64.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{77332e58-7b64-11ea-8172-806e6f6e6963}
{d6b6c758-7bae-11ea-9b5f-00e04c68bc89}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {77332e58-7b64-11ea-8172-806e6f6e6963}
device partition=\Device\HarddiskVolume1
description Internal Hard Disk
badmemoryaccess Yes

Firmware Application (101fffff)
-------------------------------
identifier {d6b6c758-7bae-11ea-9b5f-00e04c68bc89}
description USB Drive (UEFI)
badmemoryaccess Yes

Windows Boot Loader
-------------------
identifier {165eacb7-9223-11eb-82c7-cca5d75265a5}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{165eacb8-9223-11eb-82c7-cca5d75265a5}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{165eacb8-9223-11eb-82c7-cca5d75265a5}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 11
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
nx OptOut
bootmenupolicy Standard
hypervisorlaunchtype Auto

Windows Boot Loader
-------------------
identifier {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {e0cf2e87-6f67-11ed-92cd-ac38ac282f85}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
recoverysequence {e0cf2e89-6f67-11ed-92cd-ac38ac282f85}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {e0cf2e8a-6f67-11ed-92cd-ac38ac282f85}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

Re: Pop-up windows with ads and a link to ru pages when opening Chrome

Posted: 24 Oct 2023 14:24
by Rudy
Greetings!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

Close all programs
Accept the license terms (EULA) by clicking I Agree
Right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a double-click)
Click Scan now, then Clean and Repair
After the restart, a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Pop-up windows with ads and a link to ru pages when opening Chrome

Posted: 24 Oct 2023 15:02
by jirka2013
Hello, I am sending the output of the AdwCleaner log.

J.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-24-2023
# Duration: 00:00:10
# OS: Windows 11 (Build 22621.2428)
# Scanned: 32109
# Detected: 21


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF28CF03-286B-45E4-BC53-BD9BFDCEF1B3}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKU\S-1-5-21-497818822-1726466583-137005623-1007\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\adaby\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Pop-up windows with ads and a link to ru pages when opening Chrome

Posted: 24 Oct 2023 16:14
by Rudy
This is OK. The Preinstalled entries are just HP utilities. I still need to see the Addition log. It should be in C:\Users\adaby\Downloads. Thank you.

Re: Pop-up windows with ads and a link to ru pages when opening Chrome

Posted: 25 Oct 2023 13:03
by jirka2013
Hello, I am attaching it.
j.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (24-10-2023 10:18:13)
Running from C:\Users\adaby\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) (2022-11-29 17:35:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

adaby (S-1-5-21-497818822-1726466583-137005623-1001 - Administrator - Enabled) => C:\Users\adaby
Administrator (S-1-5-21-497818822-1726466583-137005623-500 - Administrator - Disabled)
astro (S-1-5-21-497818822-1726466583-137005623-1007 - Administrator - Enabled) => C:\Users\astro
DefaultAccount (S-1-5-21-497818822-1726466583-137005623-503 - Limited - Disabled)
Guest (S-1-5-21-497818822-1726466583-137005623-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-497818822-1726466583-137005623-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2200-000001000000}) (Version: 22.00.00.0 - Igor Pavlov)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20360 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.9.6082 - Avast Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 118.0.5993.89 - Google LLC)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP USB-C Universal Dock (HKLM-x32\...\{98949D53-EC91-4ED0-A330-6E2BAEDFBD4E}_is1) (Version: 1.16.9 - HP)
JBL QuantumENGINE (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\{35cdeb83-57d1-4692-8264-7b93565f24aa}) (Version: 1.6.0.1053 - JBL)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.16827.20166 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 118.0.2088.61 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\OneDriveSetup.exe) (Version: 23.209.1008.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\Teams) (Version: 1.6.00.28557 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.27002 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.23.207.2018 - Realtek)
R-Link 2 Toolbox (HKU\S-1-5-21-497818822-1726466583-137005623-1007\...\{R-Link 2 Toolbox}}_is1) (Version: 2.1.0 - Renault)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\ZoomUMX) (Version: 5.8.3 (1581) - Zoom Video Communications, Inc.)

Packages:
=========
5A894077.McAfeeSecurity -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2023-09-22] (McAfee LLC.)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-10-20] ()
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2022-11-26] (Amazon.com)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.40031.0_x64__0a9344xs7nr4m [2022-11-30] (Advanced Micro Devices Inc.) [Startup Task]
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2023-01-03] (Advanced Micro Devices Inc.)
Bakaláři – oficiální aplikace -> C:\Program Files\WindowsApps\40325JJones.Bakali_2.2.16.0_x64__gq7k0ca1wra62 [2023-09-06] (JJones)
Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comEMEABigsavingso_2.0.5.0_x64__mgae2k3ys4ra0 [2023-09-06] (Priceline Partner Network)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-25] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-10] (Microsoft Corporation)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.20.0_x64__xbfy0k16fey96 [2023-09-10] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2022-10-16] (HP Inc.)
Fishdom -> C:\Program Files\WindowsApps\PLRWorldwideSales.FishdomPlayrix_7.6.2.0_x64__1feq88045d2v2 [2023-10-18] (Playrix)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.44.301.0_x64__v10z8vjag6ke6 [2023-10-23] (HP Inc.)
HP JumpStarts -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStarts_1.10.1627.0_x64__v10z8vjag6ke6 [2023-09-05] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.4.0.0_x64__v10z8vjag6ke6 [2023-10-21] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2023-09-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-10] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6 [2023-09-26] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.39.0_x64__v10z8vjag6ke6 [2023-10-09] (HP Inc.)
Matchland - Build your Theme Park -> C:\Program Files\WindowsApps\DTeamStudio.Matchland-BuildyourThemePark_1.10.97.0_x64__d1ksdwd7kq768 [2023-09-06] (Plazma)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2310.10002.0_x64__8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe [2023-10-20] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-10-12] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2023-09-06] (Random Salad Games LLC)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-18] (Microsoft Studios) [MS Ad]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-10-20] (Bytedance Pte. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-10-20] (Twitter Inc.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2341.3.0_x64__cv1g1gvanyjgm [2023-10-22] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-10-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.27002\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\adaby\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-10-09] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-03-15 09:28 - 2021-03-15 09:28 - 000529408 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\FreespaceDeviceProvider.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000038912 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\quantumcrashhandler.dll
2021-03-15 09:28 - 2021-03-15 09:28 - 000633856 _____ () [File not signed] C:\Program Files\JBL\QuantumENGINE\QuantumDeviceProvider.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\f5836eea869011d9f6291cf9b7052643\Interop.IWshRuntimeLibrary.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\2291c400342bb064ac70d3f43f4350d0\Hardcodet.Wpf.TaskbarNotification.ni.dll
2023-09-14 19:32 - 2023-09-14 19:32 - 001701376 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\812bfcdb6de89f4e84e286670a1fecae\NAudio.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 003062272 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\42169599bfe84f556899f55e1a8cb8a7\Newtonsoft.Json.ni.dll
2023-10-13 10:15 - 2023-10-13 10:15 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\1c57748b3b2fd11cd905689020edb288\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-497818822-1726466583-137005623-1001 -> {7894A00B-61EF-4C60-8032-D98189E69671} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-09-15] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-09-15] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-10-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-497818822-1726466583-137005623-1001\...\sharepoint.com -> hxxps://vos5kvetna-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2021-03-31 13:26 - 000001058 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.0.113 host.docker.internal
192.168.0.113 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-497818822-1726466583-137005623-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-497818822-1726466583-137005623-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{C6E6CCD2-DD75-459A-B1F5-7410A180A6A3}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{2BB395BA-D3D5-4F3F-8F2B-BC901495D25A}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{77F0CBF1-4B06-45A0-B50F-A850891A7A67}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7B6F6987-95F0-4284-9711-E9B9A999641C}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9D4362AE-2ABB-4D9B-8E8F-0BEB5C8EF341}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C10ADE7E-7947-4309-9EC0-01DF657B6AE5}C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\adaby\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C2E30EC-66C5-4F36-ACB0-F2603B960DBB}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FFB944F5-DF9E-4CC8-BFB0-497CCA380B07}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9EB56AB1-C747-4744-B7B1-786736DFFD7D}] => (Allow) C:\Users\adaby\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{96C30111-05A7-469D-9C05-AF28FF478C8D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8216BE11-1414-4748-B7BD-EC9DA97739AE}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{157FD241-1A84-4661-8A01-C01C2A19FED4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20A467D0-0F33-4D49-9655-157F4BB0387B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5817AFE-73F3-4D0C-A9AA-C2B328D90049}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23182.305.2227.4931_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73836157-818D-4821-8C21-FF9731CFAF1F}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39EE5A1B-BDE7-4D38-8886-CB0C30CF38B6}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23272.2707.2453.769_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C97A79EE-A8C4-4A87-A543-F67CCFA0F00D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0464334C-B560-485C-AF8D-26A180B6D119}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDD5AE07-973A-4EBC-8B2D-7CD7E8CFCF92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC6D2244-5819-4D84-8FD3-E9691ACE74E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1320E78D-F186-449F-AB0C-67A87EE56E49}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CA722CEB-C0F8-4848-8CC3-3B5D79A762F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

17-10-2023 17:24:24 Windows Update
21-10-2023 13:35:41 Windows Update
21-10-2023 13:36:00 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/13/2023 09:39:40 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-RA2OT22C)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff6c95c3d4b
ID chybujícího procesu: 0x0x2de8
Čas spuštění chybující aplikace: 0x0x1d9fe0cf926e796
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: f945b71e-4199-44ec-9482-efdd839eb837
Úplný název chybujícího balíčku: MSTeams_23257.2620.2442.7817_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MSTeams.Update

Error: (10/12/2023 04:26:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 12 Oct 2023 14:26:06 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ad12ac44-42e7-4453-a99c-0d4d60f062bb

Metoda: GET(547ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/10/2023 01:31:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 10 Oct 2023 11:31:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 20b95225-4d87-4791-99a6-c6d4c70c7808

Metoda: GET(953ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/18/2023 03:41:18 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 18 Sep 2023 13:41:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ab6e11b3-27f7-4fbd-9a51-998a71f13840

Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/14/2023 05:09:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 14 Sep 2023 15:09:48 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: c07aa25e-0330-43e0-861f-fd3849df1a3b

Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/05/2023 01:50:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 05 Sep 2023 11:50:26 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 9f19d094-e5b9-4649-b6de-f596df62f055

Metoda: GET(532ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (08/26/2023 05:54:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LAPTOP-RA2OT22C$ přes https://AMD-KeyId-8a0578cf56146fea399af ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Sat, 26 Aug 2023 15:54:47 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a6d617df-5a0a-4a55-8830-02998edbc426

Metoda: GET(359ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (08/26/2023 05:53:59 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: svchost.exe_AudioEndpointBuilder, verze: 10.0.22621.1, časové razítko: 0x6dc5c2a5
Název chybujícího modulu: ntdll.dll, verze: 10.0.22621.1848, časové razítko: 0x48d14984
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002168d
ID chybujícího procesu: 0x0xd50
Čas spuštění chybující aplikace: 0x0x1d9d835864eaa43
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 422fb50c-11cc-469e-b729-821c302efebb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/23/2023 04:44:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21624.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/20/2023 09:00:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/18/2023 06:39:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server AD2F1837.HPSupportAssistant_9.30.18.0_x64__v10z8vjag6ke6!AD2F1837.HPSupportAssistant.AppXnh1b2twym8n9380b6n50v24as5w5qk0n.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/17/2023 05:24:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (10/14/2023 05:27:25 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/13/2023 09:39:43 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server microsoft.windowscommunicationsapps_16005.14326.21606.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/12/2023 06:20:57 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-RA2OT22C)
Description: Server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/12/2023 04:25:29 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 03225747456


CodeIntegrity:
===============
Date: 2023-10-24 09:44:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.52 09/22/2021
Motherboard: HP 8706
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 87%
Total physical RAM: 6064.1 MB
Available physical RAM: 749.57 MB
Total Virtual: 10416.1 MB
Available Virtual: 1775.56 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:476.04 GB) (Free:374.03 GB) (Model: SAMSUNG MZVLB512HBJQ-000H1) NTFS

\\?\Volume{1ce64d0e-0b30-427d-a88a-b9d232149c29}\ () (Fixed) (Total:0.62 GB) (Free:0.08 GB) NTFS
\\?\Volume{65c2528c-bcb1-4ad5-950d-fb9023a92b2a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 05977A8C)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 25 Oct 2023 13:35
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File

EmptyTemp:
End
Save it to C:\Users\adaby\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 30 Oct 2023 20:34
by jirka2013
Hello,

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by adaby (27-10-2023 16:16:15) Run:1
Running from C:\Users\adaby\OneDrive\Plocha\FRST
Loaded Profiles: adaby & astro
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CA1AACC1-7471-4C0F-8282-A7C8B4F145B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-18] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {BD67FDCD-7473-4347-A050-21158A335AC1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {779B1E95-A823-452E-9EC2-0AF8EA5EA7BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {EF1FC437-9079-44F3-A7BD-1886976D8183} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {2F5C0470-4EE7-46DB-9043-46A954B607D7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\adaby\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AB674E3-B1EF-4A11-8244-EEB8CFDC5A62}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1AACC1-7471-4C0F-8282-A7C8B4F145B5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD67FDCD-7473-4347-A050-21158A335AC1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779B1E95-A823-452E-9EC2-0AF8EA5EA7BD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1FC437-9079-44F3-A7BD-1886976D8183}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5C0470-4EE7-46DB-9043-46A954B607D7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-497818822-1726466583-137005623-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19047570 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 13937744 B
Edge => 0 B
Chrome => 3714197835 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 327268 B
NetworkService => 327268 B
adaby => 142617018 B
defaultuser100000 => 142624186 B
astro => 266665791 B
defaultuser100000.LAPTOP-RA2OT22C => 266665791 B

RecycleBin => 4743483861 B
EmptyTemp: => 8.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:21:42 ====

Re: Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 30 Oct 2023 21:18
by Rudy
Deleted. Has anything changed?

Re: Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 02 Nov 2023 19:48
by jirka2013
Hello, the ad windows have stopped popping up. Thanks a lot for the help.

Re: Pop-up windows with ads and a link to ru sites when opening Chrome

Posted: 02 Nov 2023 19:50
by Rudy
You're welcome! :)