win32:malware-gen

Zpráva

flood · #1 Příspěvek od **flood** » 14 lis 2018 08:36

Ahoj,

prosim o kontrolu logu, vcera mi Avast hlasil win32:malware-gen. Bohuzel jsem si neudelal printscreen, dalsi hlaseni uz neprobehlo.

Log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Ondra (administrator) on ONDRA-HP (14-11-2018 08:25:04)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra & winpostgr (Available Profiles: Ondra & winpostgr)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\BitX\bitxsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\postgres.exe
(Microsoft Corporation) C:\Windows\System32\net.exe
(Microsoft Corporation) C:\Windows\System32\net1.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
() C:\xampp\xampp-control.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Toolheap) C:\Program Files (x86)\Toolheap\Test Mail Server Tool\TestMailServerTool.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ondra\Disk Google\Prace\Projekty\Freshlabels\Altus\AVIS_sada_priloh_pro_vyvojare\AVIS eBrana test\AVIS_ebrana.exe
(Microsoft Corporation) C:\Program Files (x86)\WcfTestClient\WcfTestClient.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ondra\Disk Google\Prace\Projekty\Freshlabels\Altus\AVIS_sada_priloh_pro_vyvojare\AVIS eBrana test\AVIS_ebrana.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(NuSphere Corp.) C:\Program Files\NuSphere\PhpED\phped.exe
(AI Internet Solutions LLC) C:\Program Files (x86)\NuSphere\PhpED\CSE Validator Lite 14\cmdlineprocessor.exe
(NuSphere Corp.) C:\Program Files\NuSphere\PhpED\DbgListener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_28_0_0_161_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Ondra\AppData\Local\Kingsoft\WPS Office\10.2.0.7549\office6\wpscloudsvr.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Ondra\AppData\Local\Kingsoft\WPS Office\10.2.0.7549\office6\wpscenter.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [153816 2016-10-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-30] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2016-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [191200 2015-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [WinSweep] => C:\Program Files (x86)\WinSweeper\WinSweeper.exe
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [Google Update] => C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [4265784 2018-05-16] (pCloud AG)
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\MountPoints2: {77b27b87-8844-11e4-82e9-ecb1d7985ea1} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Ondra\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
SSODL: EldosMountNotificator-cbfs6 - {8016A1F4-8798-44D4-BDEF-3F771BC6F5BD} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {8016A1F4-8798-44D4-BDEF-3F771BC6F5BD} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-13]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * aswBoot.exe /M:88a8dd70906 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{38A2953D-E789-45D6-8629-4236ACEE5287}: [DhcpNameServer] 31.31.224.2 192.168.1.1
Tcpip\..\Interfaces\{72BC198D-7E48-43B8-85F1-53B6DD8D90DC}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaie
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
SearchScopes: HKU\S-1-5-21-3001894681-2676971518-1704727488-1002 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar64.dll [2016-08-14] ()
Toolbar: HKLM-x32 - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2016-08-14] ()
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab

FireFox:
========
FF DefaultProfile: 4hu0wz3w.default
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default [2018-10-26]
FF Homepage: Mozilla\Firefox\Profiles\4hu0wz3w.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaff
FF NewTab: Mozilla\Firefox\Profiles\4hu0wz3w.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaff
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\abb@amazon.com.xpi [2018-06-28]
FF Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\sp@avast.com.xpi [2018-06-28]
FF Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\wrc@avast.com.xpi [2018-06-28]
FF Extension: (Edit Cookies) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2016-10-24] [Legacy]
FF SearchPlugin: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\searchplugins\yahoo-lavasoft.xml [2016-08-11]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (DPChrome) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-06-30] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-09-13] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\Ondra\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi.dll [2018-10-19] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\Ondra\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi-x64.dll [2018-10-19] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default [2018-11-14]
CHR Extension: (Prezentace) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-28]
CHR Extension: (Dokumenty) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (JSON Formatter) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2018-04-04]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (RTF Viewer) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\djalaeippddcgflofefafkgijpefkjef [2018-06-10]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-05-18]
CHR Extension: (Xdebug helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2018-06-19]
CHR Extension: (MozBar) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2018-10-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Boomerang - SOAP & REST Client) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipdnjedkpcnlmmdfdkgfpljanehloah [2018-08-16]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-12]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-10-26]
CHR Extension: (Full Page Screen Capture) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-10-21]
CHR Extension: (Tabulky) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-30]
CHR Extension: (Quick Javascript Switcher) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-05-25]
CHR Extension: (Ripple Emulator (Beta)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc [2014-12-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-12]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-12-16]
CHR Extension: (DBG debugger helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmakegkfgkoaeoligncjmnklkdmdjin [2014-12-16]
CHR Extension: (Advanced REST client) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-12-17]
CHR Extension: (feedly) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-08-22]
CHR Extension: (VratnePenize.cz Připomínáček) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiekfaemafmplemocgimeccahephhdgf [2018-04-17]
CHR Extension: (Google Analytics Debugger) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2018-09-06]
CHR Extension: (DBG debugger toolbar) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjdjkohmopcgecijakgemceodpjpdp [2018-06-19]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-08-08]
CHR Extension: (AP - Data Layer Inspector+) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcbdogdandhihllalknlcjfpdjcleom [2018-07-06]
CHR Extension: (Google Sheets) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcahnhkcfaikkapifpaenbabamhfnecc [2016-05-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-03]
CHR Extension: (Rozšíření DigitalPersona) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-01-27]
CHR Extension: (Save to Pocket) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-06]
CHR Extension: (MetaMask) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2018-11-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2018-09-06]
CHR Extension: (Pretty Beautiful Javascript) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\piekbefgpgdecckjcpffhnacjflfoddg [2016-09-05]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-09-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-30] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-30] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
R2 BitXService; C:\Program Files (x86)\BitX\bitxsvc.exe [1886208 2016-08-10] () [File not signed]
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-18] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-09-13] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [567608 2013-09-06] (Hewlett-Packard Company)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-10-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 Service1; C:\Program Files (x86)\WinStrom\winstromservice.exe [586752 2015-04-30] (FlexiBee Systems s.r.o.) [File not signed]
S3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247536 2018-07-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-29] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()
R2 WinStrom-PostgreSQL; C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe [76800 2014-03-18] (PostgreSQL Global Development Group) [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-06-30] (Broadcom Corporation) [File not signed]
S3 wpscloudsvr; C:\Users\Ondra\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [242344 2018-11-02] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-22] (AVAST Software)
S1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-22] (AVAST Software)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-09] (/n software, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2016-01-22] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-08-22] (WinMagic Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2016-01-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8876248 2016-10-06] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-08-22] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-08-22] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [41824 2018-07-18] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2016-09-09] (/n software, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 08:25 - 2018-11-14 08:25 - 000042417 _____ C:\Users\Ondra\Desktop\FRST.txt
2018-11-14 08:24 - 2018-11-14 08:25 - 000000000 ____D C:\FRST
2018-11-14 08:23 - 2018-11-14 08:23 - 002415616 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2018-11-14 08:13 - 2018-11-14 08:14 - 000001078 _____ C:\Windows\system32dbgraw.bmp
2018-11-13 10:35 - 2018-11-13 10:35 - 000003936 _____ C:\Windows\System32\Tasks\Avast Cleanup Update
2018-11-13 10:35 - 2018-11-13 10:35 - 000001226 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2018-11-03 08:58 - 2018-11-03 08:58 - 000000522 _____ C:\Users\Ondra\Downloads\ce23ffdf-39a1-4cb5-a593-04f39243044b.tmp
2018-11-02 16:32 - 2018-11-11 13:44 - 000004182 _____ C:\Windows\System32\Tasks\WpsExternal_Ondra_20181102163233
2018-11-02 16:32 - 2018-11-02 16:32 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2018-11-02 14:25 - 2018-10-30 11:18 - 000014781 _____ C:\Users\Ondra\Documents\fix_orders.csv_0.ods
2018-10-30 09:22 - 2018-10-30 09:22 - 007693048 _____ (Tim Kosse) C:\Users\Ondra\Downloads\FileZilla_3.38.1_win64-setup.exe
2018-10-25 13:16 - 2018-10-25 13:16 - 000001489 _____ C:\Users\Ondra\Desktop\ImageMagick Display.lnk
2018-10-25 13:16 - 2018-10-25 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 7.0.8 Q16 (32-bit)
2018-10-25 13:16 - 2018-10-25 13:16 - 000000000 ____D C:\imagemagick
2018-10-23 18:34 - 2018-10-23 18:34 - 000000113 _____ C:\Users\Ondra\Downloads\konfig (2).txt
2018-10-22 07:37 - 2018-10-22 07:37 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-10-22 07:37 - 2018-10-22 07:37 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-10-18 08:21 - 2018-10-18 08:22 - 007799552 _____ (Tim Kosse) C:\Users\Ondra\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-17 12:46 - 2018-10-17 12:45 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 08:22 - 2009-07-14 05:45 - 000026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-14 08:22 - 2009-07-14 05:45 - 000026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-13 17:01 - 2017-03-27 09:07 - 000000000 ____D C:\Users\Ondra\AppData\LocalLow\Mozilla
2018-11-13 14:48 - 2015-01-08 14:03 - 000000000 ____D C:\Users\Ondra\Desktop\Mail Sent to Local Server
2018-11-13 10:35 - 2018-04-17 07:17 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:56 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:51 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-13 09:59 - 2014-12-20 11:45 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Skype
2018-11-13 09:58 - 2014-12-16 17:46 - 000000000 ____D C:\Users\Ondra\Downloads\Instal
2018-11-13 09:56 - 2015-03-13 11:24 - 000000000 ____D C:\Users\Ondra\AppData\Local\Spotify
2018-11-13 09:22 - 2014-12-26 22:24 - 000000000 ____D C:\Users\Ondra\Downloads\Vuze Leap
2018-11-13 09:13 - 2018-06-01 13:17 - 000000000 ____D C:\Users\Ondra\AppData\Local\pCloud
2018-11-13 09:13 - 2017-08-03 15:07 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Azureus
2018-11-12 19:39 - 2015-03-13 11:24 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Spotify
2018-11-12 14:43 - 2014-12-31 10:51 - 000007595 _____ C:\Users\Ondra\AppData\Local\Resmon.ResmonCfg
2018-11-12 11:56 - 2016-08-10 13:58 - 000000000 ____D C:\tmp
2018-11-11 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-11 14:46 - 2018-08-15 06:45 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOndra
2018-11-11 14:46 - 2018-08-15 06:45 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForOndra.job
2018-11-11 13:44 - 2017-11-23 09:06 - 000003218 _____ C:\Windows\System32\Tasks\{CCFF13F8-536E-4288-9304-1CD003F5BEE5}
2018-11-11 13:44 - 2016-10-05 09:04 - 000003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA
2018-11-11 13:44 - 2016-10-05 09:04 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core
2018-11-11 13:44 - 2015-12-06 15:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-11 13:44 - 2015-07-17 08:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-11 13:44 - 2015-01-29 08:33 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422516814
2018-11-11 13:44 - 2014-12-16 17:39 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-11 13:44 - 2014-12-16 17:39 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-10 12:40 - 2017-03-12 13:37 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-09 15:27 - 2015-04-23 09:11 - 000000000 ____D C:\Users\Ondra\AppData\Local\CrashDumps
2018-11-08 14:06 - 2015-01-29 08:33 - 000000000 ____D C:\Program Files (x86)\Opera
2018-11-07 12:05 - 2018-08-26 08:03 - 000001317 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-07 12:05 - 2018-08-26 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-07 12:02 - 2018-04-17 07:17 - 000000000 ____D C:\Users\Ondra\AppData\Local\AVAST Software
2018-11-07 12:02 - 2016-02-02 14:19 - 000000000 ___RD C:\Users\Ondra\Disk Google
2018-11-07 12:01 - 2016-10-07 07:51 - 000000000 __SHD C:\Users\Ondra\IntelGraphicsProfiles
2018-11-07 12:00 - 2014-12-25 08:12 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\FileZilla
2018-11-06 10:50 - 2015-01-19 09:13 - 000000000 ____D C:\Users\Ondra\Documents\Temp
2018-11-06 08:27 - 2016-08-12 11:02 - 000000000 ____D C:\Users\Ondra\Documents\Visual Studio 2015
2018-11-03 17:50 - 2017-09-17 19:02 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2018-11-03 07:25 - 2018-03-05 09:23 - 000000600 _____ C:\Users\Ondra\AppData\Roaming\winscp.rnd
2018-11-02 18:45 - 2017-09-17 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-11-02 18:45 - 2016-02-02 14:17 - 000002007 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-11-02 18:45 - 2016-02-02 14:17 - 000001995 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-10-31 08:11 - 2015-01-08 13:39 - 000002094 ____H C:\Users\Ondra\Documents\Default.rdp
2018-10-30 19:29 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-10-28 08:24 - 2014-06-30 08:27 - 000669830 _____ C:\Windows\system32\perfh005.dat
2018-10-28 08:24 - 2014-06-30 08:27 - 000141956 _____ C:\Windows\system32\perfc005.dat
2018-10-28 08:24 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-28 08:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-10-26 17:22 - 2018-04-17 07:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-10-26 17:22 - 2018-04-17 07:17 - 000002393 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-10-25 14:30 - 2014-12-16 17:32 - 000000000 ____D C:\Users\Ondra\AppData\Local\VirtualStore
2018-10-25 11:32 - 2016-02-11 07:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-25 07:13 - 2014-12-16 17:40 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-22 07:37 - 2017-11-16 11:40 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-10-22 07:37 - 2017-09-16 17:28 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-10-21 10:30 - 2015-01-05 19:35 - 000000000 ____D C:\Users\Ondra\Downloads\Source
2018-10-18 11:34 - 2017-04-18 11:30 - 000000000 ____D C:\Users\Ondra\AppData\Local\FileZilla
2018-10-17 16:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-10-17 16:19 - 2016-07-13 07:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-17 16:19 - 2015-01-05 09:49 - 000000000 ____D C:\Users\Ondra\AppData\Local\winstrom-data
2018-10-17 16:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-17 16:19 - 2009-07-14 05:45 - 000342696 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-17 12:47 - 2017-05-30 14:16 - 000002406 _____ C:\Users\Ondra\Desktop\GP webpay Keystore Manager.lnk
2018-10-17 12:47 - 2016-01-28 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 12:47 - 2015-01-05 09:49 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 12:46 - 2016-01-28 08:11 - 000000000 ____D C:\Program Files\Java
2018-10-17 12:45 - 2016-01-28 08:11 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-10-17 12:44 - 2016-04-19 16:30 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2017-09-18 07:47 - 2017-09-18 07:47 - 000000046 _____ () C:\Users\Ondra\AppData\Roaming\Camdata.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000000408 _____ () C:\Users\Ondra\AppData\Roaming\CamLayout.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000000408 _____ () C:\Users\Ondra\AppData\Roaming\CamShapes.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000004536 _____ () C:\Users\Ondra\AppData\Roaming\CamStudio.cfg
2018-03-02 11:33 - 2018-03-02 11:34 - 000000721 _____ () C:\Users\Ondra\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
2017-09-17 18:57 - 2017-09-17 18:57 - 000000096 _____ () C:\Users\Ondra\AppData\Roaming\version2.xml
2018-03-05 09:23 - 2018-11-03 07:25 - 000000600 _____ () C:\Users\Ondra\AppData\Roaming\winscp.rnd
2016-03-13 09:09 - 2018-06-18 21:10 - 000000600 _____ () C:\Users\Ondra\AppData\Local\PUTTY.RND
2014-12-31 10:51 - 2018-11-12 14:43 - 000007595 _____ () C:\Users\Ondra\AppData\Local\Resmon.ResmonCfg
2018-08-08 07:15 - 2018-08-08 07:15 - 000000000 _____ () C:\Users\Ondra\AppData\Local\{955851AF-13F3-406F-9F09-081DF1B29957}

Some files in TEMP:
====================
2018-08-20 11:53 - 2018-08-20 11:53 - 026481656 _____ (Microsoft Corporation) C:\Users\Ondra\AppData\Local\Temp\AccessDatabaseEngine.exe
2018-08-20 11:53 - 2018-08-20 11:53 - 076055472 _____ (Microsoft Corporation) C:\Users\Ondra\AppData\Local\Temp\accessruntimeanddataconnectivity2007sp3-kb2526310-fullfile-en-us.exe
2018-03-07 12:38 - 2018-11-13 09:13 - 000079904 _____ () C:\Users\Ondra\AppData\Local\Temp\i4jdel0.exe
2018-04-19 07:53 - 2018-04-19 07:53 - 001884616 _____ (Oracle Corporation) C:\Users\Ondra\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-10-17 12:43 - 2018-10-17 12:43 - 001892728 _____ (Oracle Corporation) C:\Users\Ondra\AppData\Local\Temp\jre-8u191-windows-au.exe
2018-03-15 12:49 - 2018-03-15 12:49 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180315114904010.dll
2018-03-15 12:49 - 2018-03-15 12:49 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180315114905105.dll
2018-03-24 07:25 - 2018-03-24 07:25 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180324062525120.dll
2018-03-24 07:25 - 2018-03-24 07:25 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180324062525212.dll
2018-03-26 15:12 - 2018-03-26 15:12 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180326141209552.dll
2018-03-26 15:12 - 2018-03-26 15:12 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180326141209634.dll
2018-03-30 07:23 - 2018-03-30 07:23 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330062334323.dll
2018-03-30 07:23 - 2018-03-30 07:23 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330062334408.dll
2018-03-30 15:34 - 2018-03-30 15:34 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330143415557.dll
2018-03-30 15:34 - 2018-03-30 15:34 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330143415626.dll
2018-04-07 09:42 - 2018-04-07 09:42 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084242481.dll
2018-04-07 09:42 - 2018-04-07 09:42 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084242568.dll
2018-04-07 09:44 - 2018-04-07 09:44 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084412689.dll
2018-04-07 09:44 - 2018-04-07 09:44 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084412761.dll
2018-05-02 10:57 - 2018-05-02 10:57 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180502095729231.dll
2018-05-02 10:57 - 2018-05-02 10:57 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180502095729342.dll
2018-05-14 13:35 - 2018-05-14 13:35 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180514123521924.dll
2018-05-14 13:35 - 2018-05-14 13:35 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180514123522005.dll
2018-05-22 09:08 - 2018-05-22 09:08 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180522080829762.dll
2018-05-22 09:08 - 2018-05-22 09:08 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180522080829856.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095630739.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095630816.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095633611.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095633681.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095636661.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095636971.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095638761.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095638829.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095639731.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095640238.dll
2018-03-15 12:48 - 2018-03-15 12:48 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_20183154811622.dll
2018-03-15 12:48 - 2018-03-15 12:48 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_20183154811741.dll
2018-03-07 15:38 - 2018-03-07 15:38 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_2018373814138.dll
2018-03-07 15:38 - 2018-03-07 15:38 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_2018373814232.dll
2018-04-30 05:59 - 2018-08-26 07:49 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ondra\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-05 06:56

==================== End of FRST.txt ============================

#2 Příspěvek od **Rudy** » 14 lis 2018 10:16

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

flood · #3 Příspěvek od **flood** » 14 lis 2018 10:55

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-14-2018
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 80
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Ondra\AppData\Roaming\Elex-tech
Deleted C:\Program Files (x86)\Amazon\Amazon Assistant
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted C:\Users\Ondra\AppData\Local\WinSweeper

***** [ Files ] *****

Deleted C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\searchplugins\yahoo-lavasoft.xml
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted C:\Windows\System32\log\iSafeKrnlCall.log
Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-21-3001894681-2676971518-1704727488-1004\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Amazon\AmazonAssistant
Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
Deleted HKLM\Software\Wow6432Node\Uniblue
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted HKLM\Software\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Deleted HKLM\Software\Classes\OverlayIcon.MyOverlayIcon
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSweep
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

Deleted User-Agent Switcher for Chrome
Deleted Amazon Assistant for Chrome
Deleted Bing Search Engine

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted DAEMON Search
Deleted slunecnice.cz
Deleted Ask Search

***** [ Firefox (and derivatives) ] *****

Deleted Amazon Assistant for Firefox

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [9160 octets] - [14/11/2018 10:48:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Rudy** » 14 lis 2018 12:59

OK. Dejte nový log FRST.

flood · #5 Příspěvek od **flood** » 14 lis 2018 13:58

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018
Ran by Ondra (administrator) on ONDRA-HP (14-11-2018 13:54:16)
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra (Available Profiles: Ondra & winpostgr)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\BitX\bitxsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\net1.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Neil Hodgson neilh@scintilla.org) C:\Program Files (x86)\wscite\SciTE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Neil Hodgson neilh@scintilla.org) C:\Program Files (x86)\wscite\SciTE.exe
(Neil Hodgson neilh@scintilla.org) C:\Program Files (x86)\wscite\SciTE.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\xampp\xampp-control.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NuSphere Corp.) C:\Program Files\NuSphere\PhpED\phped.exe
(AI Internet Solutions LLC) C:\Program Files (x86)\NuSphere\PhpED\CSE Validator Lite 14\cmdlineprocessor.exe
(NuSphere Corp.) C:\Program Files\NuSphere\PhpED\DbgListener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_28_0_0_161_ActiveX.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [153816 2016-10-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-22] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2016-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [191200 2015-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46459080 2018-10-04] ()
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [Google Update] => C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [4265784 2018-05-16] (pCloud AG)
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\MountPoints2: {77b27b87-8844-11e4-82e9-ecb1d7985ea1} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Ondra\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
SSODL: EldosMountNotificator-cbfs6 - {8016A1F4-8798-44D4-BDEF-3F771BC6F5BD} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {8016A1F4-8798-44D4-BDEF-3F771BC6F5BD} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-13]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-06-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{38A2953D-E789-45D6-8629-4236ACEE5287}: [DhcpNameServer] 31.31.224.2 192.168.1.1
Tcpip\..\Interfaces\{72BC198D-7E48-43B8-85F1-53B6DD8D90DC}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaie
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
SearchScopes: HKU\S-1-5-21-3001894681-2676971518-1704727488-1002 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2018-03-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar64.dll [2016-08-14] ()
Toolbar: HKLM-x32 - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2016-08-14] ()
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab

FireFox:
========
FF DefaultProfile: 4hu0wz3w.default
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default [2018-10-26]
FF Homepage: Mozilla\Firefox\Profiles\4hu0wz3w.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaff
FF NewTab: Mozilla\Firefox\Profiles\4hu0wz3w.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0811__yaff
FF Extension: (Avast SafePrice) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\sp@avast.com.xpi [2018-06-28]
FF Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\wrc@avast.com.xpi [2018-06-28]
FF Extension: (Edit Cookies) - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\4hu0wz3w.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2016-10-24] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (DPChrome) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-06-30] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-09-13] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Ondra\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\Ondra\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi.dll [2018-10-19] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3001894681-2676971518-1704727488-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\Ondra\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi-x64.dll [2018-10-19] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__ ... earchTerms}
CHR Profile: C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default [2018-11-14]
CHR Extension: (Prezentace) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-28]
CHR Extension: (Dokumenty) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Disk Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (JSON Formatter) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2018-04-04]
CHR Extension: (YouTube) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Bing) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2018-11-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (RTF Viewer) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\djalaeippddcgflofefafkgijpefkjef [2018-06-10]
CHR Extension: (Xdebug helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2018-06-19]
CHR Extension: (MozBar) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2018-10-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Boomerang - SOAP & REST Client) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipdnjedkpcnlmmdfdkgfpljanehloah [2018-08-16]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-12]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-10-26]
CHR Extension: (Full Page Screen Capture) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-10-21]
CHR Extension: (Tabulky) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-30]
CHR Extension: (Quick Javascript Switcher) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2016-05-25]
CHR Extension: (Ripple Emulator (Beta)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc [2014-12-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Avast Online Security) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-12]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-12-16]
CHR Extension: (DBG debugger helper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmakegkfgkoaeoligncjmnklkdmdjin [2014-12-16]
CHR Extension: (Advanced REST client) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-12-17]
CHR Extension: (feedly) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-08-22]
CHR Extension: (VratnePenize.cz Připomínáček) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiekfaemafmplemocgimeccahephhdgf [2018-04-17]
CHR Extension: (Google Analytics Debugger) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2018-09-06]
CHR Extension: (DBG debugger toolbar) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjdjkohmopcgecijakgemceodpjpdp [2018-06-19]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-08-08]
CHR Extension: (AP - Data Layer Inspector+) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcbdogdandhihllalknlcjfpdjcleom [2018-07-06]
CHR Extension: (Google Sheets) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcahnhkcfaikkapifpaenbabamhfnecc [2016-05-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-03]
CHR Extension: (Rozšíření DigitalPersona) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-01-27]
CHR Extension: (Save to Pocket) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2018-07-06]
CHR Extension: (MetaMask) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2018-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2018-09-06]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-11-14]
CHR Extension: (Pretty Beautiful Javascript) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\piekbefgpgdecckjcpffhnacjflfoddg [2016-09-05]
CHR Extension: (Gmail) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-17]
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-09-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-22] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-22] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-17] (AVAST Software)
R2 BitXService; C:\Program Files (x86)\BitX\bitxsvc.exe [1886208 2016-08-10] () [File not signed]
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-18] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-09-13] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [567608 2013-09-06] (Hewlett-Packard Company)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-10-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 Service1; C:\Program Files (x86)\WinStrom\winstromservice.exe [586752 2015-04-30] (FlexiBee Systems s.r.o.) [File not signed]
S3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247536 2018-07-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248856 2017-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-29] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()
S2 WinStrom-PostgreSQL; C:\Program Files (x86)\WinStrom\pgsql\9.3\bin\pg_ctl.exe [76800 2014-03-18] (PostgreSQL Global Development Group) [File not signed]
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-06-30] (Broadcom Corporation) [File not signed]
S3 wpscloudsvr; C:\Users\Ondra\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [242344 2018-11-02] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201408 2018-10-22] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230512 2018-10-22] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201928 2018-10-22] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346760 2018-10-22] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59664 2018-10-22] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [185240 2018-10-22] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47064 2018-10-22] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42456 2018-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163376 2018-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111968 2018-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88112 2018-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028840 2018-10-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467904 2018-10-22] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208640 2018-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381144 2018-10-22] (AVAST Software)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-09] (/n software, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2016-01-22] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-08-22] (WinMagic Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2016-01-27] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8876248 2016-10-06] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-08-22] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-08-22] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [41824 2018-07-18] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2018-01-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2018-01-15] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2016-09-09] (/n software, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 13:54 - 2018-11-14 13:54 - 000037465 _____ C:\Users\Ondra\Desktop\FRST.txt
2018-11-14 13:53 - 2018-11-14 13:53 - 000000000 ____D C:\Users\Ondra\Desktop\FRST-OlderVersion
2018-11-14 10:47 - 2018-11-14 10:49 - 000000000 ____D C:\AdwCleaner
2018-11-14 10:47 - 2018-11-14 10:48 - 000000546 _____ C:\Users\Ondra\Desktop\navod.txt
2018-11-14 10:45 - 2018-11-14 10:45 - 007592144 _____ (Malwarebytes) C:\Users\Ondra\Desktop\adwcleaner_7.2.4.0.exe
2018-11-14 08:24 - 2018-11-14 13:54 - 000000000 ____D C:\FRST
2018-11-14 08:23 - 2018-11-14 13:53 - 002416128 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2018-11-14 08:13 - 2018-11-14 10:51 - 000001078 _____ C:\Windows\system32dbgraw.bmp
2018-11-13 10:35 - 2018-11-13 10:35 - 000003936 _____ C:\Windows\System32\Tasks\Avast Cleanup Update
2018-11-13 10:35 - 2018-11-13 10:35 - 000001226 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
2018-11-03 08:58 - 2018-11-03 08:58 - 000000522 _____ C:\Users\Ondra\Downloads\ce23ffdf-39a1-4cb5-a593-04f39243044b.tmp
2018-11-02 16:32 - 2018-11-11 13:44 - 000004182 _____ C:\Windows\System32\Tasks\WpsExternal_Ondra_20181102163233
2018-11-02 16:32 - 2018-11-02 16:32 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2018-11-02 14:25 - 2018-10-30 11:18 - 000014781 _____ C:\Users\Ondra\Documents\fix_orders.csv_0.ods
2018-10-30 09:22 - 2018-10-30 09:22 - 007693048 _____ (Tim Kosse) C:\Users\Ondra\Downloads\FileZilla_3.38.1_win64-setup.exe
2018-10-25 13:16 - 2018-10-25 13:16 - 000001489 _____ C:\Users\Ondra\Desktop\ImageMagick Display.lnk
2018-10-25 13:16 - 2018-10-25 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 7.0.8 Q16 (32-bit)
2018-10-25 13:16 - 2018-10-25 13:16 - 000000000 ____D C:\imagemagick
2018-10-23 18:34 - 2018-10-23 18:34 - 000000113 _____ C:\Users\Ondra\Downloads\konfig (2).txt
2018-10-22 07:37 - 2018-10-22 07:37 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-10-22 07:37 - 2018-10-22 07:37 - 000042456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-10-18 08:21 - 2018-10-18 08:22 - 007799552 _____ (Tim Kosse) C:\Users\Ondra\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-17 12:46 - 2018-10-17 12:45 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 10:58 - 2009-07-14 05:45 - 000026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-14 10:58 - 2009-07-14 05:45 - 000026832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-14 10:56 - 2018-08-26 08:03 - 000001317 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-14 10:56 - 2018-08-26 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-14 10:56 - 2014-06-30 08:27 - 000669830 _____ C:\Windows\system32\perfh005.dat
2018-11-14 10:56 - 2014-06-30 08:27 - 000141956 _____ C:\Windows\system32\perfc005.dat
2018-11-14 10:56 - 2009-07-14 06:13 - 001586648 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-14 10:56 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-14 10:52 - 2014-12-26 22:24 - 000000000 ____D C:\Users\Ondra\Downloads\Vuze Leap
2018-11-14 10:51 - 2018-04-17 07:17 - 000000000 ____D C:\Users\Ondra\AppData\Local\AVAST Software
2018-11-14 10:50 - 2018-08-15 06:45 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForOndra.job
2018-11-14 10:50 - 2018-06-01 13:17 - 000000000 ____D C:\Users\Ondra\AppData\Local\pCloud
2018-11-14 10:50 - 2016-10-07 07:51 - 000000000 __SHD C:\Users\Ondra\IntelGraphicsProfiles
2018-11-14 10:50 - 2016-07-13 07:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-14 10:50 - 2016-02-02 14:19 - 000000000 ___RD C:\Users\Ondra\Disk Google
2018-11-14 10:50 - 2015-01-05 09:49 - 000000000 ____D C:\Users\Ondra\AppData\Local\winstrom-data
2018-11-14 10:50 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-14 10:49 - 2017-03-02 08:36 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-11-14 10:49 - 2016-01-27 09:18 - 000000000 ____D C:\Windows\system32\log
2018-11-14 10:46 - 2017-03-27 09:07 - 000000000 ____D C:\Users\Ondra\AppData\LocalLow\Mozilla
2018-11-14 10:46 - 2015-03-13 11:24 - 000000000 ____D C:\Users\Ondra\AppData\Local\Spotify
2018-11-14 10:46 - 2014-12-31 10:51 - 000007595 _____ C:\Users\Ondra\AppData\Local\Resmon.ResmonCfg
2018-11-14 09:32 - 2015-03-13 11:24 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Spotify
2018-11-14 09:15 - 2015-01-08 14:03 - 000000000 ____D C:\Users\Ondra\Desktop\Mail Sent to Local Server
2018-11-14 08:32 - 2018-08-15 06:45 - 000003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOndra
2018-11-14 08:28 - 2014-12-16 17:40 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-13 10:35 - 2018-04-17 07:17 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:56 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-11-13 10:35 - 2014-12-16 17:51 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-13 09:59 - 2014-12-20 11:45 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Skype
2018-11-13 09:58 - 2014-12-16 17:46 - 000000000 ____D C:\Users\Ondra\Downloads\Instal
2018-11-13 09:13 - 2017-08-03 15:07 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\Azureus
2018-11-12 11:56 - 2016-08-10 13:58 - 000000000 ____D C:\tmp
2018-11-11 15:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-11-11 13:44 - 2017-11-23 09:06 - 000003218 _____ C:\Windows\System32\Tasks\{CCFF13F8-536E-4288-9304-1CD003F5BEE5}
2018-11-11 13:44 - 2016-10-05 09:04 - 000003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA
2018-11-11 13:44 - 2016-10-05 09:04 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core
2018-11-11 13:44 - 2015-12-06 15:28 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-11 13:44 - 2015-07-17 08:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-11 13:44 - 2015-01-29 08:33 - 000003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422516814
2018-11-11 13:44 - 2014-12-16 17:39 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-11 13:44 - 2014-12-16 17:39 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-10 12:40 - 2017-03-12 13:37 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-09 15:27 - 2015-04-23 09:11 - 000000000 ____D C:\Users\Ondra\AppData\Local\CrashDumps
2018-11-08 14:06 - 2015-01-29 08:33 - 000000000 ____D C:\Program Files (x86)\Opera
2018-11-07 12:00 - 2014-12-25 08:12 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\FileZilla
2018-11-06 10:50 - 2015-01-19 09:13 - 000000000 ____D C:\Users\Ondra\Documents\Temp
2018-11-06 08:27 - 2016-08-12 11:02 - 000000000 ____D C:\Users\Ondra\Documents\Visual Studio 2015
2018-11-03 17:50 - 2017-09-17 19:02 - 000000000 ____D C:\Users\Ondra\AppData\Roaming\vlc
2018-11-03 07:25 - 2018-03-05 09:23 - 000000600 _____ C:\Users\Ondra\AppData\Roaming\winscp.rnd
2018-11-02 18:45 - 2017-09-17 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-11-02 18:45 - 2016-02-02 14:17 - 000002007 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-11-02 18:45 - 2016-02-02 14:17 - 000001995 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-10-31 08:11 - 2015-01-08 13:39 - 000002094 ____H C:\Users\Ondra\Documents\Default.rdp
2018-10-30 19:29 - 2009-07-14 06:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-10-26 17:22 - 2018-04-17 07:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-10-26 17:22 - 2018-04-17 07:17 - 000002393 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-10-25 14:30 - 2014-12-16 17:32 - 000000000 ____D C:\Users\Ondra\AppData\Local\VirtualStore
2018-10-25 11:32 - 2016-02-11 07:52 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-22 07:37 - 2017-11-16 11:40 - 000201408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-10-22 07:37 - 2017-09-16 17:28 - 000185240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000346760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000230512 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000201928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-10-22 07:37 - 2017-03-12 13:37 - 000059664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 001028840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000467904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000381144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000208640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000163376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000111968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000088112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-10-22 07:37 - 2014-12-16 17:53 - 000047064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-10-21 10:30 - 2015-01-05 19:35 - 000000000 ____D C:\Users\Ondra\Downloads\Source
2018-10-18 11:34 - 2017-04-18 11:30 - 000000000 ____D C:\Users\Ondra\AppData\Local\FileZilla
2018-10-17 16:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-10-17 16:19 - 2009-07-14 05:45 - 000342696 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-17 12:47 - 2017-05-30 14:16 - 000002406 _____ C:\Users\Ondra\Desktop\GP webpay Keystore Manager.lnk
2018-10-17 12:47 - 2016-01-28 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 12:47 - 2015-01-05 09:49 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 12:46 - 2016-01-28 08:11 - 000000000 ____D C:\Program Files\Java
2018-10-17 12:45 - 2016-01-28 08:11 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-10-17 12:44 - 2016-04-19 16:30 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2017-09-18 07:47 - 2017-09-18 07:47 - 000000046 _____ () C:\Users\Ondra\AppData\Roaming\Camdata.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000000408 _____ () C:\Users\Ondra\AppData\Roaming\CamLayout.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000000408 _____ () C:\Users\Ondra\AppData\Roaming\CamShapes.ini
2017-09-18 07:47 - 2017-09-18 07:47 - 000004536 _____ () C:\Users\Ondra\AppData\Roaming\CamStudio.cfg
2018-03-02 11:33 - 2018-03-02 11:34 - 000000721 _____ () C:\Users\Ondra\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
2017-09-17 18:57 - 2017-09-17 18:57 - 000000096 _____ () C:\Users\Ondra\AppData\Roaming\version2.xml
2018-03-05 09:23 - 2018-11-03 07:25 - 000000600 _____ () C:\Users\Ondra\AppData\Roaming\winscp.rnd
2016-03-13 09:09 - 2018-06-18 21:10 - 000000600 _____ () C:\Users\Ondra\AppData\Local\PUTTY.RND
2014-12-31 10:51 - 2018-11-14 10:46 - 000007595 _____ () C:\Users\Ondra\AppData\Local\Resmon.ResmonCfg
2018-08-08 07:15 - 2018-08-08 07:15 - 000000000 _____ () C:\Users\Ondra\AppData\Local\{955851AF-13F3-406F-9F09-081DF1B29957}

Some files in TEMP:
====================
2018-08-20 11:53 - 2018-08-20 11:53 - 026481656 _____ (Microsoft Corporation) C:\Users\Ondra\AppData\Local\Temp\AccessDatabaseEngine.exe
2018-08-20 11:53 - 2018-08-20 11:53 - 076055472 _____ (Microsoft Corporation) C:\Users\Ondra\AppData\Local\Temp\accessruntimeanddataconnectivity2007sp3-kb2526310-fullfile-en-us.exe
2018-03-07 12:38 - 2018-11-13 09:13 - 000079904 _____ () C:\Users\Ondra\AppData\Local\Temp\i4jdel0.exe
2018-04-19 07:53 - 2018-04-19 07:53 - 001884616 _____ (Oracle Corporation) C:\Users\Ondra\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-10-17 12:43 - 2018-10-17 12:43 - 001892728 _____ (Oracle Corporation) C:\Users\Ondra\AppData\Local\Temp\jre-8u191-windows-au.exe
2018-03-15 12:49 - 2018-03-15 12:49 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180315114904010.dll
2018-03-15 12:49 - 2018-03-15 12:49 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180315114905105.dll
2018-03-24 07:25 - 2018-03-24 07:25 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180324062525120.dll
2018-03-24 07:25 - 2018-03-24 07:25 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180324062525212.dll
2018-03-26 15:12 - 2018-03-26 15:12 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180326141209552.dll
2018-03-26 15:12 - 2018-03-26 15:12 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180326141209634.dll
2018-03-30 07:23 - 2018-03-30 07:23 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330062334323.dll
2018-03-30 07:23 - 2018-03-30 07:23 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330062334408.dll
2018-03-30 15:34 - 2018-03-30 15:34 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330143415557.dll
2018-03-30 15:34 - 2018-03-30 15:34 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180330143415626.dll
2018-04-07 09:42 - 2018-04-07 09:42 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084242481.dll
2018-04-07 09:42 - 2018-04-07 09:42 - 001857024 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084242568.dll
2018-04-07 09:44 - 2018-04-07 09:44 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084412689.dll
2018-04-07 09:44 - 2018-04-07 09:44 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180407084412761.dll
2018-05-02 10:57 - 2018-05-02 10:57 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180502095729231.dll
2018-05-02 10:57 - 2018-05-02 10:57 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180502095729342.dll
2018-05-14 13:35 - 2018-05-14 13:35 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180514123521924.dll
2018-05-14 13:35 - 2018-05-14 13:35 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180514123522005.dll
2018-05-22 09:08 - 2018-05-22 09:08 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180522080829762.dll
2018-05-22 09:08 - 2018-05-22 09:08 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180522080829856.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095630739.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095630816.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095633611.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095633681.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095636661.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095636971.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095638761.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095638829.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095639731.dll
2018-05-25 10:56 - 2018-05-25 10:56 - 001876992 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_180525095640238.dll
2018-03-15 12:48 - 2018-03-15 12:48 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_20183154811622.dll
2018-03-15 12:48 - 2018-03-15 12:48 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_20183154811741.dll
2018-03-07 15:38 - 2018-03-07 15:38 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_2018373814138.dll
2018-03-07 15:38 - 2018-03-07 15:38 - 001853440 _____ (Opera Software) C:\Users\Ondra\AppData\Local\Temp\Opera_installer_2018373814232.dll
2018-04-30 05:59 - 2018-08-26 07:49 - 062091672 _____ (Skype Technologies S.A.) C:\Users\Ondra\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-14 11:47

==================== End of FRST.txt ============================

#6 Příspěvek od **Rudy** » 14 lis 2018 16:21

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\MountPoints2: {77b27b87-8844-11e4-82e9-ecb1d7985ea1} - "I:\WD SmartWare.exe" autoplay=true
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
CHR Extension: (Bing) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2018-11-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Ondra\AppData\Local\{955851AF-13F3-406F-9F09-081DF1B29957}
C:\Users\Ondra\AppData\Local\Temp
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {7230974C-F59A-4405-BF84-987D8CF87FF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core => C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {7B1EAAE8-6631-4937-88FA-1728C7441E0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA => C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {7BBB5E1C-5622-42AB-9D1C-ECDD88A79CC0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-14] (AVAST Software) <==== ATTENTION

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

flood · #7 Příspěvek od **flood** » 14 lis 2018 16:47

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by Ondra (14-11-2018 16:41:35) Run:1
Running from C:\Users\Ondra\Desktop
Loaded Profiles: Ondra (Available Profiles: Ondra & winpostgr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\...\MountPoints2: {77b27b87-8844-11e4-82e9-ecb1d7985ea1} - "I:\WD SmartWare.exe" autoplay=true
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__ ... M__&query={searchTerms}
CHR Extension: (Bing) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2018-11-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Ondra\AppData\Local\{955851AF-13F3-406F-9F09-081DF1B29957}
C:\Users\Ondra\AppData\Local\Temp
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Ondra\AppData\Roaming\Copy\overlay\CopyShExt.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {7230974C-F59A-4405-BF84-987D8CF87FF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core => C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {7B1EAAE8-6631-4937-88FA-1728C7441E0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA => C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-05] (Google Inc.)
Task: {7BBB5E1C-5622-42AB-9D1C-ECDD88A79CC0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-14] (AVAST Software) <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77b27b87-8844-11e4-82e9-ecb1d7985ea1} => removed successfully
HKLM\Software\Classes\CLSID\{77b27b87-8844-11e4-82e9-ecb1d7985ea1} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3001894681-2676971518-1704727488-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (Bing) - C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2018-11-14] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Ondra\AppData\Local\{955851AF-13F3-406F-9F09-081DF1B29957} => moved successfully

"C:\Users\Ondra\AppData\Local\Temp" folder move:

Could not move "C:\Users\Ondra\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1aCopyShExtError => removed successfully
HKLM\Software\Classes\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\2aCopyShExtSynced => removed successfully
HKLM\Software\Classes\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\3aCopyShExtSyncing => removed successfully
HKLM\Software\Classes\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4aCopyShExtSyncingProg1 => removed successfully
HKLM\Software\Classes\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\5aCopyShExtSyncingProg2 => removed successfully
HKLM\Software\Classes\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\6aCopyShExtSyncingProg3 => removed successfully
HKLM\Software\Classes\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\7aCopyShExtSyncingProg4 => removed successfully
HKLM\Software\Classes\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\8aCopyShExtSyncingProg5 => removed successfully
HKLM\Software\Classes\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7230974C-F59A-4405-BF84-987D8CF87FF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7230974C-F59A-4405-BF84-987D8CF87FF5}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002Core" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B1EAAE8-6631-4937-88FA-1728C7441E0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B1EAAE8-6631-4937-88FA-1728C7441E0D}" => removed successfully
"C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3001894681-2676971518-1704727488-1002UA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7BBB5E1C-5622-42AB-9D1C-ECDD88A79CC0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BBB5E1C-5622-42AB-9D1C-ECDD88A79CC0}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29500403 B
Java, Flash, Steam htmlcache => 2717 B
Windows/system/drivers => 144287645 B
Edge => 0 B
Chrome => 663770042 B
Firefox => 295556691 B
Opera => 306647239 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42852770 B
systemprofile32 => 67908 B
LocalService => 0 B
NetworkService => 471556 B
Ondra => 1426582219 B
winpostgr => 0 B

RecycleBin => 352711941 B
EmptyTemp: => 3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-11-2018 16:43:17)

C:\Users\Ondra\AppData\Local\Temp => moved successfully

==== End of Fixlog 16:43:17 ====

#8 Příspěvek od **Rudy** » 14 lis 2018 16:59

Smazáno. Je už vše v pořádku?

flood · #9 Příspěvek od **flood** » 14 lis 2018 17:25

Ono se to neprojevovalo nijak pravidelne, jen mi 2x nahodne vyskocilo Avast upozorneni na ten malware. Pri celkovem testu ho to pak nikdy nenaslo.

Ted jsem spustil celkovy test a take nic. Tak snad to bude dobre, uvidime.

Dekuji za pomoc!

#10 Příspěvek od **Rudy** » 14 lis 2018 18:07

Snad ano. Nemáte zač!

VIRY.CZ

win32:malware-gen

win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen

Re: win32:malware-gen