Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.02.2019 01
Ran by David (16-02-2019 23:44:24)
Running from C:\Users\David\Desktop
Windows 10 Home Version 1809 17763.316 (X64) (2019-01-19 22:31:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1976776874-1411867160-1571642719-500 - Administrator - Disabled)
David (S-1-5-21-1976776874-1411867160-1571642719-1001 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-1976776874-1411867160-1571642719-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1976776874-1411867160-1571642719-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1976776874-1411867160-1571642719-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1976776874-1411867160-1571642719-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Disabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Disabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.2.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
C:\Program Files\Adobe\Adobe Lightroom\LRcestina_uninstall.exe (HKLM-x32\...\CZ Lokalizace pro Lightroom CC 2015.1 a 6.0_is1) (Version: 1.1 - )
Catalyst Control Center Next Localization BR (HKLM\...\{5E4D0526-2745-32CC-C649-9B7F3681CC7B}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{CA152517-64E2-0AB2-E829-C89A59A0C5C9}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2EDF8CB4-7FF7-4EAF-6004-42ECA3FF1368}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{6BF3004E-1299-4850-2784-13F5B9632AAE}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA08A003-57AD-5067-37D8-B9CE60881DEC}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{49A0F369-BB97-0B81-72C3-64A8BA139477}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{B72938BC-7486-ABB3-655B-68129568DC73}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{69D88D62-28E0-74F3-7DA9-A2E387A09B78}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{4E8C5D26-1F36-9634-10CF-6FA600BDBEFC}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{638A5E9F-BB4F-9A35-11BD-F005597FC583}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7A1FC252-AAF1-32BE-B569-81783A9E69F5}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{1FAC9966-E21C-9BF9-1BC9-FE75A193852F}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{5F52CB5E-308F-B3B9-3D48-C814A267B332}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{9428B488-B898-D45A-C5D8-399664826E6D}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{C616157E-E72B-03DB-69C8-8F72C361C8C1}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{007F8F0E-E5F4-FFF1-D6D9-2E836EBCC78D}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{04444C35-2016-7E07-668A-935A94FF435B}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DB84316E-AC9D-39C1-840A-656C3448F116}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{43404E0D-F0FC-2D39-361B-D90A6108ACD1}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A6339283-7BAD-5C32-34B9-2B3F84511CB1}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{70D770AD-C1B0-CA36-7451-53F63D34F692}) (Version: 2016.0727.311.3889 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
COMODO Internet Security Premium (HKLM\...\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA443498}) (Version: 1.3.142.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.3.443498.142 - Comodo)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6912 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.1.3030 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.111.0 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.8.1052 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A5D7BA33-DE92-4283-B885-14AE73400444}) (Version: 19.01.1627.3533 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d9719db8-d532-496c-9f2b-eeb1f69f7d89}) (Version: 10.1.1.34 - Intel(R) Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.5.463447.175 - Comodo)
Microsoft Excel 2013 - cs-cz (HKLM\...\ExcelRetail - cs-cz) (Version: 15.0.5093.1001 - Microsoft Corporation)
Microsoft Excel 2013 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 15.0.5093.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1976776874-1411867160-1571642719-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft PowerPoint 2013 - cs-cz (HKLM\...\PowerPointRetail - cs-cz) (Version: 15.0.5093.1001 - Microsoft Corporation)
Microsoft PowerPoint 2013 - en-us (HKLM\...\PowerPointRetail - en-us) (Version: 15.0.5093.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Word 2013 - cs-cz (HKLM\...\WordRetail - cs-cz) (Version: 15.0.5093.1001 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.5093.1001 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5093.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5093.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0405-1000-0000000FF1CE}) (Version: 15.0.5093.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.5093.1001 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
PX Profile Update (HKLM-x32\...\{840C254A-A6CE-30AF-9AAF-6C02C108A3AA}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1976776874-1411867160-1571642719-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062F9B30-CB3A-40E8-B411-A86BEB8EFE16} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Task: {0D9580D5-EE67-464F-9D31-C2F4A5B7F0F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {21E33ABA-BE4B-4DF8-9C83-7A0E4E78EED9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {233E8A11-4D8C-44C9-88F9-FD2BFA3558FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {278555C3-0514-4D85-8D27-10A2B264C4C9} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {293A74E0-DD2F-4511-87AC-8231EA4B6FB8} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {318BAFE4-F7F5-4290-AD4B-361761BB61A0} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {367D45EF-69EE-45A3-819C-3E73776FF792} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
Task: {3E558469-EB3C-4802-8EA5-E694508C34DB} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> )
Task: {44EFC61F-51AE-45ED-8CC5-358D0C38F05E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {494CD5D6-00E4-4D2E-B03E-A5F3217828FA} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {51FBD747-2845-416D-9AC6-69A9BE2F176F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {6937F3F1-2818-41DB-A446-A5BCD09B773F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {6AF40FD1-296B-4971-A4EA-B38F582E75EF} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {6EBF8E90-9697-4A8C-8119-065992E1F715} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {6EDFE4F0-46EA-4B9C-B93A-1F1C24BB07F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6F9EE298-156A-40D1-BFCD-6CBD0BE0AF77} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7BCF3E4D-4514-4B2D-BDFB-6F1BBD2A846B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8A6BE3A9-77CA-46B4-9D16-901680F23FE2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {8B77A0CC-D6D4-46EB-A9B2-29235991E493} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {94DC7318-F861-4A0D-8CBF-707FDE3BA3A2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A019E807-E0D8-4A07-AFE9-651D0F90227D} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {A1ECBF44-E41F-4814-BF0F-20D1CCBE6D8F} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.club/warning/download.php?mn=5623" <==== ATTENTION
Task: {AC78CC3A-837E-4C44-A116-4298A408C057} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {B4D0579B-4BB7-4F94-9884-BC773F3E90AC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B74DC397-7C4C-48FA-8685-3B5F9EAD1BB5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BB4DAC4E-C5F8-4C35-8AF2-4545E58F09CC} - System32\Tasks\OInstall => C:\WINDOWS\OInstall.exe
Task: {CE6000B9-6912-4261-9DFF-FBFDD62402C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CF91BAB0-CE55-47EE-9AE4-1151ADAE61EC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D8E0A879-DE38-4510-B477-8371CF1519C2} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {DE73D825-214B-4645-A43B-E567609D57CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E9C29DF7-CA29-4DF4-B01F-85B59C6579EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {ED015AD3-4C08-4D10-B492-2CA13E4ADCA0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {EF6A90DB-8E6E-4CA7-8098-0BF905B152CC} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {F140B213-D59F-4DF4-9C87-7F6652FECAEF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F406D056-58ED-43D9-8AB9-C9DB5B11CA70} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {F4EFD016-F7B2-4DFB-90FC-5A0E349AEEFB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-12-27 23:17 - 2018-12-17 11:59 - 000159424 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-27 23:16 - 2018-12-17 11:57 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-12-27 23:16 - 2018-12-17 11:58 - 000246464 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-03-16 09:25 - 2017-09-07 09:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2018-09-15 08:28 - 2018-09-15 08:28 - 000834088 _____ () C:\Windows\System32\InputHost.dll
2018-04-04 17:03 - 2018-04-04 17:03 - 000173760 _____ () C:\WINDOWS\system32\IntelWifiIhv04.dll
2017-10-28 10:17 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-09-15 08:28 - 2018-09-15 08:28 - 000474624 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 002801152 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 001740800 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-02-16 08:15 - 2019-02-16 08:15 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-24 20:43 - 2018-10-24 20:43 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-16 08:15 - 2019-02-16 08:15 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-16 08:14 - 2019-02-16 08:14 - 006940160 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\YourPhone.exe
2019-02-16 08:14 - 2019-02-16 08:14 - 002456576 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll
2019-02-16 08:14 - 2019-02-16 08:14 - 000254976 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\AppConfig.dll
2018-10-31 18:03 - 2018-10-31 18:03 - 001004032 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-02-16 08:14 - 2019-02-16 08:14 - 003318784 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.20388.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-26 21:37 - 2019-01-26 21:38 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\zlib1.dll
2019-01-26 21:37 - 2019-01-26 21:38 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\libxml2.dll
2019-02-16 08:12 - 2019-02-13 06:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll
2019-02-16 08:12 - 2019-02-13 06:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll
2016-07-27 03:10 - 2016-07-27 03:10 - 000138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2019-01-30 20:55 - 2019-01-30 20:56 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 20:09 - 2018-11-06 20:09 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-30 20:55 - 2019-01-30 20:55 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2019-02-01 18:01 - 2019-02-01 18:02 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-01 18:01 - 2019-02-01 18:02 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 20:20 - 2017-10-05 20:27 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-01 18:01 - 2019-02-01 18:01 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-18 21:13 - 2019-01-18 21:14 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-01 18:01 - 2019-02-01 18:02 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-01 18:01 - 2019-02-01 18:01 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-31 12:25 - 2018-08-31 12:25 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 19:13 - 2018-07-27 19:13 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-10 11:01 - 2019-01-10 11:01 - 000093648 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1976776874-1411867160-1571642719-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1976776874-1411867160-1571642719-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F7C4321-0F45-4D7A-9535-1F5C811174B5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{01B93BFB-1DB7-408C-812F-9839B397F667}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{74D2D4DD-408E-47D9-9ABE-B62E1029410F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{1F0A04D7-A8A3-4041-ACF8-649A8814E942}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{59BD5CBC-DA30-475A-9AA2-4665C14B4F24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{DFAC887D-DE1F-40B0-9328-F5CFF2C24A82}C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{603C6849-3012-4B2E-A95D-A96687929CD0}C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe] => (Allow) C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{60068779-9CF1-4D74-AC5F-088B75629A0C}] => (Block) C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{4FC64AB5-D44B-4160-9E10-6FB4C84D0B1C}] => (Block) C:\users\david\desktop\totalcommanderportable\app\totalcommander\totalcmd.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{0976CEC8-AD20-4DD8-90CE-4A896F6050E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7EA60146-14F4-4799-8C06-0AE5F2707BA9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8991C1C-EF07-4D1D-B842-1A85D809429E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5DBB230D-EBCB-4549-9021-40DD05E99B03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F84381AA-E02E-482A-984F-D69528D3934D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{67C963C5-A3D7-4024-AB9E-2A0C1654B197}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40C15905-22D0-477C-9866-839E1F52EC54}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88D92442-613D-47CC-A29D-44180189A760}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12093.3.37141.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DB62B6E-8176-4F3E-B91B-993FE7F3A492}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{173F2E96-2718-41BB-919C-8D2E3709E746}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F0B5A1AC-B280-4D1B-9C03-2606E6A8D3D3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

12-02-2019 11:26:11 Naplánovaný kontrolní bod
16-02-2019 08:11:51 Windows Update
16-02-2019 23:14:13 COMODO Internet Security Binary update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2019 11:14:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 11:46:05 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 11:33:49 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 11:09:15 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 11:07:32 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 11:03:25 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 10:59:19 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/16/2019 10:51:33 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.


System errors:
=============
Error: (02/16/2019 11:43:03 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku H: bylo zjištěno poškození.

Přesná povaha poškození není známa. Je potřeba zkontrolovat a opravit struktury systému souborů v online režimu.

Error: (02/16/2019 11:35:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku H: bylo zjištěno poškození.

Přesná povaha poškození není známa. Je potřeba zkontrolovat a opravit struktury systému souborů v online režimu.

Error: (02/16/2019 11:33:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscDataProtection
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2019 11:33:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscDataProtection
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2019 11:33:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2019 11:33:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.SecurityAppBroker
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2019 11:32:15 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-FURA4EBM)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 a APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 uživateli LAPTOP-FURA4EBM\David (SID: S-1-5-21-1976776874-1411867160-1571642719-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2019 11:28:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR6.


Windows Defender:
===================================
Date: 2019-02-16 10:58:00.484
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:VBS/AutoKMS&threatid=2147727612&enterprise=0
Název: HackTool:VBS/AutoKMS
ID: 2147727612
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\David\Desktop\2013-2016 C2R Install v5.9.3\files\ospp.vbs
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-FURA4EBM\David
Název procesu: C:\Windows\System32\cmd.exe
Verze podpisu: AV: 1.287.93.0, AS: 1.287.93.0, NIS: 1.287.93.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 10:50:54.990
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Wirzemro.B&threatid=2147729241&enterprise=0
Název: Trojan:MSIL/Wirzemro.B
ID: 2147729241
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\David\AppData\Local\Temp\1601170750\ic-0.d30fd30e93f5f.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-FURA4EBM\David
Název procesu: C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe
Verze podpisu: AV: 1.287.93.0, AS: 1.287.93.0, NIS: 1.287.93.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 10:50:44.500
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Unwaders.C!ml&threatid=242874&enterprise=0
Název: Program:Win32/Unwaders.C!ml
ID: 242874
Závažnost: Vážné
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\David\AppData\Local\Temp\1601170750\ic-0.fbb3b48efd88d.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-FURA4EBM\David
Název procesu: C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe
Verze podpisu: AV: 1.287.93.0, AS: 1.287.93.0, NIS: 1.287.93.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 10:44:16.859
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Název: SoftwareBundler:Win32/Prepscram
ID: 226289
Závažnost: Vysoké
Kategorie: Software instalující další produkty
Cesta: file:_C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-FURA4EBM\David
Název procesu: C:\Users\David\Desktop\MT\Microsoft Toolkit Final.exe
Verze podpisu: AV: 1.287.93.0, AS: 1.287.93.0, NIS: 1.287.93.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

Date: 2019-02-16 10:43:52.300
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0
Název: SoftwareBundler:Win32/Prepscram
ID: 226289
Závažnost: Vysoké
Kategorie: Software instalující další produkty
Cesta: file:_C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-FURA4EBM\David
Název procesu: C:\Users\David\Desktop\MT\Microsoft Toolkit Final.exe
Verze podpisu: AV: 1.287.93.0, AS: 1.287.93.0, NIS: 1.287.93.0
Verze modulu: AM: 1.1.15700.8, NIS: 1.1.15700.8

CodeIntegrity:
===================================

Date: 2019-02-16 23:40:00.686
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2019-02-16 23:40:00.674
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-16 23:36:18.349
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 23:36:18.334
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-16 23:35:06.626
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeSH.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Store signing level requirements.

Date: 2019-02-16 23:35:06.608
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-16 23:34:12.194
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 23:34:12.179
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 8104.07 MB
Available physical RAM: 3847.1 MB
Total Virtual: 9384.07 MB
Available Virtual: 4464.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:222.33 GB) (Free:57.95 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.17 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{0915be77-77a5-433e-9e1d-e0e96e3d2585}\ () (Fixed) (Total:1.7 GB) (Free:1.18 GB) NTFS
\\?\Volume{25bfd9ef-fb3a-4297-a23b-e551775707a9}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 243DDDE8)

Partition: GPT.

==================== End of Addition.txt ============================