﻿


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Honza (25-10-2020 22:48:53)
Running from C:\Users\Honza\Desktop\frst
Windows 10 Pro Version 1709 16299.1127 (X64) (2020-10-13 21:30:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1476080041-3677474059-4115100907-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1476080041-3677474059-4115100907-503 - Limited - Disabled)
Guest (S-1-5-21-1476080041-3677474059-4115100907-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1476080041-3677474059-4115100907-1002 - Limited - Enabled)
Honza (S-1-5-21-1476080041-3677474059-4115100907-1000 - Administrator - Enabled) => C:\Users\Honza
WDAGUtilityAccount (S-1-5-21-1476080041-3677474059-4115100907-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Disabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.10 (HKLM\...\{A730612F-DC69-4EEC-AB92-0366346D9CCD}) (Version: 4.10.1.3240 - Open Media LLC)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{C31D139A-5A4A-44A7-9B85-7775CEA60121}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.8.3147 - AVG Technologies)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (HKLM-x32\...\{BC4FF911-2F33-4A79-9D59-7E21866C8A09}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{414a0118-9b7e-484e-8079-a01bc6d069f8}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{630919DC-A490-4AFF-B2C9-C5FA69D3D742}) (Version: 7.0.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM-x32\...\103FFFFFFF20FF00FF2801F01F02F000-R1) (Version: 20.0 - GRAPHISOFT)
Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.18 - Lenovo) Hidden
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0110 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.1927.1 - McAfee, LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.37 - )
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.13328.20278 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.13328.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1476080041-3677474059-4115100907-1000\...\OneDriveSetup.exe) (Version: 20.189.0920.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Motordiag Komfort Manager Lite 1.20 (HKLM-x32\...\Motordiag Komfort Manager Lite) (Version: 1.20 - Motordiag)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13328.20278 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Saal Designer (HKLM-x32\...\{CDB7C673-311A-AB20-D4A4-8F67E39CDFCD}) (Version: 4.0 - Saal Digital Fotoservice GmbH) Hidden
Saal Designer (HKLM-x32\...\SaalDesigner) (Version: 4.0 - Saal Digital Fotoservice GmbH)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.52a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-23] (Microsoft Studios) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-10-14] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0 [2020-10-14] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1476080041-3677474059-4115100907-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\OneDrive\17.3.7010.0912\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1476080041-3677474059-4115100907-1000_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Honza\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-10-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-10-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2016-11-16 20:38 - 2013-07-02 13:10 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2013-02-23 11:47 - 2013-02-23 11:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll
2020-06-09 10:41 - 2020-06-09 10:41 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-06-09 10:37 - 2020-06-09 10:37 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2016-11-16 20:38 - 2013-07-02 13:16 - 000015360 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_COM_InterfaceLib.dll
2016-11-16 20:38 - 2013-07-02 13:10 - 000471040 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\AMT_SW_GUI.dll
2016-11-16 20:38 - 2013-07-02 13:10 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2017-05-16 20:28 - 2017-05-16 20:28 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2017-05-16 20:28 - 2017-05-16 20:28 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-06-09 10:39 - 2020-06-09 10:39 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1476080041-3677474059-4115100907-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B45087838-C4E1-4390-8B05-37AE16DC6706%7D&mid=9216ec08e23047cfbc6b2b231aaa16b5-ab02af6f989d01b9a1a05449052f1acb59a0c788&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2016-11-16%2019:28:11&v=4.3.7.452&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1476080041-3677474059-4115100907-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={45087838-C4E1-4390-8B05-37AE16DC6706}&mid=9216ec08e23047cfbc6b2b231aaa16b5-ab02af6f989d01b9a1a05449052f1acb59a0c788&lang=cs&ds=AVG&coid=avgtbavg&cmpid=ipm190214&pr=fr&d=2016-11-16 19:28:11&v=4.3.9.626&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1476080041-3677474059-4115100907-1000 -> {651F198D-B048-4B64-8164-41515EC75FB7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_28314
SearchScopes: HKU\S-1-5-21-1476080041-3677474059-4115100907-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={45087838-C4E1-4390-8B05-37AE16DC6706}&mid=9216ec08e23047cfbc6b2b231aaa16b5-ab02af6f989d01b9a1a05449052f1acb59a0c788&lang=cs&ds=AVG&coid=avgtbavg&cmpid=ipm190214&pr=fr&d=2016-11-16 19:28:11&v=4.3.9.626&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-14] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2020-08-31 06:47 - 000000869 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1	mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1476080041-3677474059-4115100907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Honza\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.0.1 - 10.10.10.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Wireless Network Connection: AVG Firewall NDIS6 Helper -> avgNetNd6 (enabled) 
Local Area Connection: AVG Firewall NDIS6 Helper -> avgNetNd6 (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{488B53CB-367D-4E04-8968-416E7F840966}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{DECF5836-BD76-4706-A6D2-DF9925175D15}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{4D43FEA9-C72C-4544-8214-917643475656}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE5B65C4-5BE6-473F-8587-FD4C42728E5A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3B2F8BC-4C5F-4BD7-B0C8-229C579D0351}] => (Allow) LPort=1688
FirewallRules: [{1748B47E-67C7-4BEF-B698-F6129E1317EE}] => (Allow) C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B0D75A1-D2E5-4E83-ABE5-C43847B92959}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{75BF0D7C-A60D-4CF7-8E62-DCAA8704789D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BD1A11AA-1E25-42F7-A43A-8DBA230A6906}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{20144338-68F5-4F5F-A84D-B8DC9052CAAC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{5D908B4B-DD65-4769-B5B1-C194E1B309A3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{0C8746BA-7452-4BA1-91C1-0E1E7481B3AE}] => (Allow) LPort=1688
FirewallRules: [{CFC4D4B9-EC1A-4866-A6EC-8C4A04BA6942}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7550E299-84F7-4507-9061-46F90FAB99FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF2AC983-171F-4224-8B1A-6FE069698270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ED5BDA9A-EB7B-4A6B-9943-CE8D06AEB395}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BADAB340-B028-4A3E-B2D7-E53FA2337583}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F746FDAE-B37C-472A-BD89-8935F2DCE4FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AE3AFEE8-9E9C-438C-8FB3-8350E4FFE911}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{45FA6A9B-2A17-4A65-B07C-018D8CA3DD3D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{24D2B5E2-1692-4A08-B8FA-C06372DDEA8A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.144.538.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BC80FA03-CEDF-445F-97F5-B29D4EB20333}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.43 GB) (Free:16.55 GB) (14%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/25/2020 10:49:55 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-25T23:43:55Z. Error Code: 0x80070005.

Error: (10/23/2020 12:43:35 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-23T13:37:35Z. Error Code: 0x80070005.

Error: (10/23/2020 10:41:27 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-23T11:35:27Z. Error Code: 0x80070005.

Error: (10/23/2020 08:39:57 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-23T09:33:57Z. Error Code: 0x80070005.

Error: (10/23/2020 02:23:26 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-23T03:17:26Z. Error Code: 0x80070005.

Error: (10/22/2020 12:24:46 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-22T13:18:46Z. Error Code: 0x80070005.

Error: (10/22/2020 10:24:46 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-22T11:18:46Z. Error Code: 0x80070005.

Error: (10/22/2020 08:24:46 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2020-10-22T09:18:46Z. Error Code: 0x80070005.


System errors:
=============
Error: (10/25/2020 10:35:46 PM) (Source: DCOM) (EventID: 10016) (User: Honza-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Honza-PC\Honza SID (S-1-5-21-1476080041-3677474059-4115100907-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2020 05:44:42 AM) (Source: DCOM) (EventID: 10010) (User: Honza-PC)
Description: The server Microsoft.Windows.Photos_2019.19041.20110.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (10/14/2020 11:42:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.

Error: (10/14/2020 11:42:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.

Error: (10/14/2020 11:42:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.

Error: (10/14/2020 11:42:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.

Error: (10/14/2020 11:42:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.

Error: (10/14/2020 11:42:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.


Windows Defender:
===================================
Date: 2020-10-25 22:42:37.865
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Honza\Desktop\frst\FRST64.exe
Signature Version: AV: 1.325.1372.0, AS: 1.325.1372.0, NIS: 1.325.1372.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-20 08:44:55.829
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Wacatac.B!ml&threatid=2147735503&enterprise=0
Name: Trojan:Script/Wacatac.B!ml
ID: 2147735503
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\Temp\_avg_\unp185330977.tmp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
Signature Version: AV: 1.325.1034.0, AS: 1.325.1034.0, NIS: 1.325.1034.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-13 23:37:17.543
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:2844,ProcessStart:132470979604607464
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
Signature Version: AV: 1.251.42.0, AS: 1.251.42.0, NIS: 116.1.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0

Date: 2020-10-13 23:36:05.967
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:2844,ProcessStart:132470979604607464
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
Signature Version: AV: 1.251.42.0, AS: 1.251.42.0, NIS: 116.1.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0

Date: 2020-10-13 23:34:29.783
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Medium
Category: Tool
Path: file:_C:\Program Files\KMSpico\Service_KMS.exe;process:_pid:2844,ProcessStart:132470979604607464
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
Signature Version: AV: 1.251.42.0, AS: 1.251.42.0, NIS: 116.1.0.0
Engine Version: AM: 1.1.14104.0, NIS: 2.1.13804.0

Date: 2020-10-14 12:33:31.384
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid. 
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

CodeIntegrity:
===================================

Date: 2020-10-25 22:37:26.898
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:25.738
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:22.682
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:15.371
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:13.054
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:13.028
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:13.026
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-25 22:37:13.007
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO 83ET82WW (1.52 ) 06/04/2018
Motherboard: LENOVO 4238A76
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8075.23 MB
Available physical RAM: 4669.12 MB
Total Virtual: 16267.23 MB
Available Virtual: 12682.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.43 GB) (Free:16.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{7f735f06-0000-0000-0000-509b1d000000}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 7F735F06)
Partition 1: (Active) - (Size=118.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833 MB) - (Type=27)

==================== End of Addition.txt =======================