Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by josef (25-11-2018 08:57:45)
Running from C:\Users\josef\Desktop
Windows 10 Pro Version 1803 17134.407 (X64) (2018-11-03 18:23:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2950931986-994548441-678899500-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2950931986-994548441-678899500-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2950931986-994548441-678899500-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2950931986-994548441-678899500-501 - Limited - Disabled)
josef (S-1-5-21-2950931986-994548441-678899500-1001 - Administrator - Enabled) => C:\Users\josef
WDAGUtilityAccount (S-1-5-21-2950931986-994548441-678899500-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{18787388-9263-47A6-B954-41BDE0B90959}) (Version: 1.2.121.24663 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{2884d9b5-2fed-48df-b0e0-fe229e7eb781}) (Version: 1.2.121.24663 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.43.24 - Avira Operations GmbH & Co. KG)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.115 - Bitdefender)
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.2.1.401 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Opera Stable 56.0.3051.104 (HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\Opera 56.0.3051.104) (Version: 56.0.3051.104 - Opera Software)
Paragon Partition Manager™ 15 Professional -nSane- (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.2.1.1780 - Samsung Electronics)
The Bat! v7.4.16 (64-bit) (HKLM\...\{BD704984-2F13-4EF3-90BD-38C949CE1D22}) (Version: 7.4.16 - Ritlabs, SRL)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Win10 PrivacyFix (HKLM-x32\...\{EFF218A1-EBF1-4EE2-8BAE-86D0E04B4F0F}_is1) (Version: 2.2 - Abelssoft)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_CZ_is1) (Version: 15.0.1.3 - ZONER software)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1707.2.30 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2950931986-994548441-678899500-1001_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 19\Program64\SHELLEXT.DLL (ZONER software)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-11-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-11-05] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2950931986-994548441-678899500-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 19\Program64\SHELLEXT.DLL [2017-07-17] (ZONER software)
ContextMenuHandlers2_S-1-5-21-2950931986-994548441-678899500-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 19\Program64\SHELLEXT.DLL [2017-07-17] (ZONER software)
ContextMenuHandlers4_S-1-5-21-2950931986-994548441-678899500-1001: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files\Zoner\Photo Studio 19\Program64\SHELLEXT.DLL [2017-07-17] (ZONER software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046C8B51-CF48-4C33-9BBB-9B72C1C4C128} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {10328532-CAD6-491F-ACB2-DE0BDF10A761} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-22] (Advanced Micro Devices, Inc.)
Task: {15052473-7301-46B9-AD08-AAD0F4F8555F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {1645F588-C002-4527-B89D-E9502839AC8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-02] (Google Inc.)
Task: {3525AE2E-67F5-45EE-B738-366A46590579} - System32\Tasks\Opera scheduled Autoupdate 1543061941 => C:\Users\josef\AppData\Local\Programs\Opera\launcher.exe [2018-11-14] (Opera Software)
Task: {4CB32345-81B9-48CE-B467-4AD38841B13C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {5D0775F1-ED4A-404A-8541-5DE4851660BA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2018-05-28] (Samsung Electronics Co. Ltd.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {706EC157-91D5-450D-89DA-67FE78FE2CE2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-11-16] (Microsoft Corporation)
Task: {91706A5D-E5C8-48DD-B015-EBBD13B9E983} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-16] (Microsoft Corporation)
Task: {979A1918-4A36-433A-B296-E6740EAA8A2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-16] (Microsoft Corporation)
Task: {A1E5937E-FC41-49CF-979B-6C3DF25BE0EE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-16] (Microsoft Corporation)
Task: {A7971B56-8A17-484F-B770-7D8CF45CF3A6} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {B661C54A-AFF4-428F-9861-D48D4511C8CD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {EDF71860-B355-41FF-994A-4B9A6EFD06AE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-11-16] (Microsoft Corporation)
Task: {F4C85ABC-C177-4577-ACA8-A6B8B2BABACA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-02] (Google Inc.)
Task: {FD308538-DA35-4B15-ACA5-B148B99C4577} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-11-05] (Avira Operations GmbH & Co. KG)
Task: {FF614D75-5B32-4996-8D61-E31B65BB289E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vysor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm
ShortcutWithArgument: C:\Users\josef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\josef\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-11-15 19:36 - 2018-11-16 05:41 - 008953104 _____ () C:\Program Files\Microsoft Office\root\Office16\1029\GrooveIntlResource.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-13 20:03 - 2018-11-01 07:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-11-24 13:18 - 2018-11-05 10:23 - 001205792 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-11-24 13:18 - 2018-11-05 10:23 - 000244672 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [354]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2018-11-15 18:32 - 000004760 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1           corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1           fe2.update.microsoft.com.akadns.net
127.0.0.1           feedback.microsoft-hohm.com
127.0.0.1           preview.msn.com
127.0.0.1           rad.msn.com
127.0.0.1           sls.update.microsoft.com.akadns.net
127.0.0.1           statsfe1.ws.microsoft.com
127.0.0.1           statsfe2.update.microsoft.com.akadns.net
127.0.0.1           statsfe2.ws.microsoft.com
127.0.0.1           survey.watson.microsoft.com
127.0.0.1           watson.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2950931986-994548441-678899500-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: on)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "CL-23-DF6DCCDD-730C-4BDA-A6B7-A176D2591BF8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Services"
HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\StartupApproved\StartupFolder: => "c4f75a7a2ccfeeb3256659b7363891a8.exe"
HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\StartupApproved\Run: => "51c6838b2d9461bfc8e7228fb3036aa0"
HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\StartupApproved\Run: => "c4f75a7a2ccfeeb3256659b7363891a8"
HKU\S-1-5-21-2950931986-994548441-678899500-1001\...\StartupApproved\Run: => "System"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5917C670-492B-4D87-B0A6-4464257D39F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FB6DCB6-4B87-4737-AEA7-D05D57116F22}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1E7B8EFA-3D85-48D3-9C9F-7BBABBE7D921}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E88E26AC-7425-4A61-99D3-3BEE08DC1B88}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{03769F3C-C6C5-411A-B706-B260CCCA206C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C7875EF0-24D0-452F-AD23-E0D41AC64090}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{E84079BC-2EB2-45B9-9163-40A9D78B31DC}C:\users\josef\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\josef\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{683AB478-D2E3-47F5-9CFE-03C8CF47F720}C:\users\josef\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\josef\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{9694CCE6-173F-4426-8773-58B989817CDB}] => (Allow) C:\Windows\SvcFiles\msde.exe
FirewallRules: [{BF223FEA-3FFE-4746-9C3E-E7F5007ACF95}] => (Allow) C:\Windows\SvcFiles\msde.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2018 11:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x16b0
Čas spuštění chybující aplikace: 0x01d47f3db97ae480
Cesta k chybující aplikaci: C:\Users\josef\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: bca91e5b-d754-482b-bdd7-1743eb560b53
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (11/18/2018 01:49:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0xa28
Čas spuštění chybující aplikace: 0x01d47e9e5b00bdb2
Cesta k chybující aplikaci: C:\Users\josef\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 1cd1ad94-964e-4062-98ad-f53043f00ae6
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (11/15/2018 07:15:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0xcb0
Čas spuštění chybující aplikace: 0x01d47d0bc5f51f0f
Cesta k chybující aplikaci: C:\Users\josef\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 237ce37f-fd8e-4b2e-8acf-29cb7d682ad5
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (11/15/2018 07:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.17134.165 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 18f4

Čas spuštění: 01d473a900fb173b

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: cef90b20-d1a8-4983-ae5e-ef5a6abbf4d7

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (11/11/2018 12:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.285, časové razítko: 0x40f0d4bd
Kód výjimky: 0xc000041d
Posun chyby: 0x000063d7
ID chybujícího procesu: 0x2978
Čas spuštění chybující aplikace: 0x01d479904a40627c
Cesta k chybující aplikaci: C:\Users\josef\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 9cb2658b-08d2-4711-9332-2e8a10a441bc
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (11/10/2018 09:15:33 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Chyba služby Stínová kopie svazků: Svazek nebo disk není připojen nebo nebyl nalezen. 
Kontext chyby: CreateFileW(\\?\Volume{ce2eaaf5-0000-0000-0000-7e0000000000},0x00000000,0x00000003,...).


Kontext:
   Název svazku: \\?\Volume{ce2eaaf5-0000-0000-0000-7e0000000000}\

Error: (11/10/2018 09:15:33 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Chyba služby Stínová kopie svazků: Svazek nebo disk není připojen nebo nebyl nalezen. 
Kontext chyby: CreateFileW(\\?\Volume{ce2eaaf5-0000-0000-0000-7e0000000000},0xc0000000,0x00000003,...).

Error: (11/10/2018 08:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: vsserv.exe, verze: 23.0.14.53, časové razítko: 0x5bce054c
Název chybujícího modulu: RansomwareRecoverAL.dll, verze: 23.0.14.53, časové razítko: 0x5bce06ad
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000004fe3
ID chybujícího procesu: 0x6c4
Čas spuštění chybující aplikace: 0x01d473a207c2554d
Cesta k chybující aplikaci: C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
Cesta k chybujícímu modulu: C:\Program Files\Bitdefender\Bitdefender Security\RansomwareRecoverAL.dll
ID zprávy: f8663cb4-287c-40db-84b5-3c6e39b579c1
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/25/2018 08:56:12 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A9OPUV2)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli DESKTOP-A9OPUV2\josef (SID: S-1-5-21-2950931986-994548441-678899500-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/24/2018 09:21:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A9OPUV2)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli DESKTOP-A9OPUV2\josef (SID: S-1-5-21-2950931986-994548441-678899500-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/24/2018 09:21:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A9OPUV2)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli DESKTOP-A9OPUV2\josef (SID: S-1-5-21-2950931986-994548441-678899500-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/24/2018 08:53:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/24/2018 08:51:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A9OPUV2)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 a APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 uživateli DESKTOP-A9OPUV2\josef (SID: S-1-5-21-2950931986-994548441-678899500-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/24/2018 08:51:10 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (11/24/2018 05:22:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby: 
Načtení tohoto ovladače je blokováno.

Error: (11/24/2018 05:22:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\josef\AppData\Local\Temp\ehdrv.sys


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16342.89 MB
Available physical RAM: 13919.82 MB
Total Virtual: 16342.89 MB
Available Virtual: 13801.96 MB

==================== Drives ================================

Drive c: (WIN 10) (Fixed) (Total:110.78 GB) (Free:50.25 GB) NTFS
Drive d: (BOX 1) (Fixed) (Total:465.75 GB) (Free:95.33 GB) NTFS
Drive e: (BOX 2) (Fixed) (Total:465.75 GB) (Free:100.71 GB) NTFS
Drive f: (VAGON 1) (Fixed) (Total:292.97 GB) (Free:109.11 GB) NTFS
Drive g: (VAGON 2) (Fixed) (Total:308.01 GB) (Free:74.61 GB) NTFS
Drive h: (VAGON 3) (Fixed) (Total:97.65 GB) (Free:6.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive n: (CHIPDVD_0918) (CDROM) (Total:7.15 GB) (Free:0 GB) CDFS

\\?\Volume{9773eaac-7d20-4083-a83f-423880856a05}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{e807f1de-d68c-4ee0-a745-138728098246}\ () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{eeedd989-1369-4460-bb1f-b5821d800169}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3461AB0B)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 0F92F149)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: F462F462)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=601 GB) - (Type=05)

==================== End of Addition.txt ============================