PC suspected of a virus infection.

Posted: 05 Dec 2018 12:39
by gold
Please help. The PC reports that errors occurred and that a restart must be performed after the check. It freezes about once an hour for roughly a minute. The disk often runs at 100 percent.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by oldřich (administrator) on OLDA (05-12-2018 12:33:23)
Running from C:\Users\oldřich\Downloads
Loaded Profiles: oldřich (Available Profiles: oldřich)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [AvastBrowserAutoLaunch_D94630ADFD9E294522375000616C5DA7] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1819312 2018-11-16] (AVAST Software)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [GoogleChromeAutoLaunch_FE6A20CA7E40AA098E515C3A3E39A34B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-11-16] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2B5E2A4C-36C6-4596-B56D-BC3F15599931}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: hac9qjf3.default
FF ProfilePath: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default [2018-12-05]
FF Homepage: Mozilla\Firefox\Profiles\hac9qjf3.default -> hxxps://cz2.herozerogame.com/|hxxps://s1-cz.tanoth.gameforge.com/
FF NewTab: Mozilla\Firefox\Profiles\hac9qjf3.default -> about:newtab
FF NewTabOverride: Mozilla\Firefox\Profiles\hac9qjf3.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\sp@avast.com.xpi [2018-11-15]
FF Extension: (Avast Online Security) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\wrc@avast.com.xpi [2018-11-21]
FF SearchPlugin: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\searchplugins\google-avast.xml [2018-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi
FF Extension: (MP4 Downloader Extension) - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi [2016-07-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com/?cid={45DD1CF7-3D04-434F-A055-272FDE9E94D8}&mid=028d32a7d62f47d39d2a057438b6981c-92518a0fdba704d147702791a4152f31ba6bf657&lang=en&ds=co011&pr=sa&d=2013-06-28 19:05:03&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxps://www.myfreezoo.cz/game/","hxxps://s1-cz. ... ogame.com/"
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default [2018-12-05]
CHR Extension: (Překladač Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-09-03]
CHR Extension: (Prezentace) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-03]
CHR Extension: (Dokumenty) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-03]
CHR Extension: (Disk Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-03]
CHR Extension: (YouTube) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-03]
CHR Extension: (Adblock Plus) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Aliexpress SuperStar) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2018-11-30]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-07]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2018-09-03]
CHR Extension: (uBlock) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-23]
CHR Extension: (Tabulky) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-03]
CHR Extension: (CastBuddy) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghagedffjalchgcgdgfindabkpnmalel [2018-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (Reklamy blokátor pro YouTube ™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-09-03]
CHR Extension: (FormApps Extension) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2018-09-03]
CHR Extension: (PlayTo for Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngkenaoceimiimeokpdbmejeonaaami [2018-09-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-03]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-12-05]
CHR Extension: (Gmail) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-03]
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-21] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3460472 2014-11-21] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\system32\DRIVERS\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-21] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-21] (AVAST Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 12:33 - 2018-12-05 12:33 - 000016070 _____ C:\Users\oldřich\Downloads\FRST.txt
2018-12-05 12:33 - 2018-12-05 12:33 - 000000000 ____D C:\FRST
2018-12-05 12:29 - 2018-12-05 12:29 - 002417152 _____ (Farbar) C:\Users\oldřich\Downloads\FRST64.exe
2018-12-05 12:22 - 2018-12-05 12:22 - 000287904 _____ C:\Windows\Minidump\120518-15578-01.dmp
2018-12-05 10:44 - 2018-12-05 10:44 - 000000096 ____H C:\Users\oldřich\Desktop\.~lock.ZOO.ods_0.ods#
2018-12-04 14:27 - 2018-12-04 14:30 - 734454064 _____ C:\Users\oldřich\Downloads\Cooganův-trik---1968.avi
2018-12-03 20:14 - 2018-12-03 20:49 - 387909423 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x04 - Blesková vražda (1).avi
2018-12-03 19:49 - 2018-12-03 20:10 - 387909423 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x04 - Blesková vražda.avi
2018-12-02 23:10 - 2018-12-02 23:39 - 313053114 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x03 - Pod vlivem.avi
2018-12-02 21:46 - 2018-12-02 21:46 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-02 21:46 - 2018-12-02 21:46 - 000002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-02 21:45 - 2018-12-02 21:45 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-02 21:45 - 2018-12-02 21:45 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-02 21:29 - 2018-12-02 21:33 - 880199389 _____ C:\Users\oldřich\Downloads\856 Ordinace v růžové zahradě 2 - 856.mp4
2018-12-01 21:40 - 2018-12-01 21:40 - 000279656 _____ C:\Windows\Minidump\120118-16343-01.dmp
2018-12-01 15:26 - 2018-12-01 15:26 - 001130840 _____ (Google Inc.) C:\Users\oldřich\Downloads\ChromeSetup.exe
2018-11-30 18:42 - 2018-11-30 18:42 - 000287736 _____ C:\Windows\Minidump\113018-15250-01.dmp
2018-11-29 22:38 - 2018-11-29 22:44 - 1305274092 _____ C:\Users\oldřich\Downloads\Ready Player One - Hra zacina (2018 BluRay 720p AC3 - CZ dabing).mkv
2018-11-29 19:52 - 2018-11-29 19:53 - 476377286 _____ C:\Users\oldřich\Downloads\Modrý kód 139-Polibek brouka-28.11.18.avi
2018-11-21 17:59 - 2018-11-21 17:59 - 000279600 _____ C:\Windows\Minidump\112118-22843-01.dmp
2018-11-21 13:23 - 2018-11-21 13:22 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-16 18:23 - 2018-11-16 18:24 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-11-16 18:23 - 2018-11-16 18:23 - 000001019 _____ C:\Users\oldřich\Desktop\SpeedFan.lnk
2018-11-16 18:23 - 2018-11-16 18:23 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-11-16 18:23 - 2018-11-16 18:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-11-16 18:18 - 2018-11-16 18:18 - 000009216 ___SH C:\Users\oldřich\Downloads\Thumbs.db
2018-11-14 12:14 - 2018-10-25 01:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 12:14 - 2018-10-25 01:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 12:14 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 12:14 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 12:14 - 2018-10-16 04:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 12:14 - 2018-10-16 04:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 12:14 - 2018-10-16 04:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 12:14 - 2018-10-12 21:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 12:14 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 12:14 - 2018-10-12 21:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 12:14 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 12:14 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 12:14 - 2018-10-12 21:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 12:14 - 2018-10-12 21:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 12:14 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 12:14 - 2018-10-12 21:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 12:14 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 12:14 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 20:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 12:14 - 2018-10-12 20:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 12:14 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 12:14 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 12:14 - 2018-10-12 03:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 12:14 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 12:14 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 12:14 - 2018-10-12 02:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 12:14 - 2018-10-12 02:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 12:14 - 2018-10-12 02:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 12:14 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 12:14 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 12:14 - 2018-10-12 02:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 12:14 - 2018-10-12 02:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 12:14 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 12:14 - 2018-10-06 19:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 12:14 - 2018-10-06 19:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 12:14 - 2018-10-06 19:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 12:14 - 2018-10-06 19:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 12:14 - 2018-10-06 17:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 12:14 - 2018-10-06 16:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 12:14 - 2018-09-28 14:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 12:14 - 2018-09-28 14:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 12:14 - 2018-09-23 17:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 12:14 - 2018-09-23 17:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 17:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 12:14 - 2018-09-23 16:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-23 16:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 16:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-12 19:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 12:14 - 2018-09-11 16:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 12:14 - 2018-08-21 14:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 12:14 - 2018-08-21 14:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 12:14 - 2018-08-19 17:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 12:14 - 2018-08-19 16:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 12:14 - 2018-08-19 16:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-12 22:23 - 2018-11-12 22:26 - 671317184 _____ C:\Users\oldřich\Downloads\31s.cz - Jízda.avi
2018-11-12 22:12 - 2018-11-12 22:22 - 1746258464 _____ C:\Users\oldřich\Downloads\31s.cz - Restart.mkv
2018-11-11 22:31 - 2018-11-11 23:50 - 876217726 _____ C:\Users\oldřich\Downloads\John Wick 1 - Akční 2014 CZdab (dublsoft).mp4
2018-11-07 01:30 - 2018-11-07 01:31 - 002425125 _____ C:\Users\oldřich\Downloads\videoplayback.m4a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 12:23 - 2018-09-06 09:40 - 000000000 ____D C:\Users\oldřich\AppData\Local\CrashDumps
2018-12-05 12:22 - 2018-09-25 17:47 - 597067036 _____ C:\Windows\MEMORY.DMP
2018-12-05 12:22 - 2018-09-03 14:58 - 000000000 ____D C:\Windows\Minidump
2018-12-05 12:22 - 2018-09-03 00:27 - 000000000 ____D C:\Users\oldřich
2018-12-05 12:22 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-05 10:59 - 2018-09-03 00:34 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D300AD43-1DAD-4CA1-BFE2-4610B487236A}
2018-12-04 22:59 - 2018-09-25 18:12 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\vlc
2018-12-04 16:51 - 2018-09-03 00:37 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3829940882-3502807747-84982314-1001
2018-12-04 16:09 - 2018-09-10 22:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Seznam.cz
2018-12-04 16:07 - 2018-09-03 00:59 - 000000000 ____D C:\Users\oldřich\AppData\LocalLow\Mozilla
2018-12-04 16:06 - 2018-09-03 00:33 - 000000000 ___DO C:\Users\oldřich\OneDrive
2018-12-04 16:02 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-12-03 16:00 - 2014-11-21 05:53 - 001661154 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 16:00 - 2014-11-21 05:10 - 000705162 _____ C:\Windows\system32\perfh005.dat
2018-12-03 16:00 - 2014-11-21 05:10 - 000143922 _____ C:\Windows\system32\perfc005.dat
2018-12-03 16:00 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2018-12-02 21:46 - 2018-09-03 00:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-02 21:27 - 2018-09-08 16:36 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-12-02 21:26 - 2018-09-03 00:49 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieSiteList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieSiteList
2018-11-30 18:46 - 2018-09-03 00:49 - 000000000 ____D C:\Users\oldřich\AppData\Local\AVAST Software
2018-11-30 18:32 - 2018-09-19 14:15 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-30 18:32 - 2018-09-07 23:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-30 18:32 - 2018-09-04 20:48 - 000003176 _____ C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}
2018-11-30 18:32 - 2018-09-04 20:45 - 000003176 _____ C:\Windows\System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65}
2018-11-30 18:32 - 2018-09-03 19:27 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-30 18:32 - 2018-09-03 01:06 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-30 18:32 - 2018-09-03 01:06 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-30 13:20 - 2018-09-27 09:30 - 000028672 ___SH C:\Users\oldřich\Desktop\Thumbs.db
2018-11-30 13:20 - 2018-09-05 09:51 - 000024520 _____ C:\Users\oldřich\Desktop\ZOO.ods_0.ods
2018-11-28 21:01 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\NDF
2018-11-26 17:24 - 2018-09-03 00:48 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-22 22:57 - 2018-09-03 00:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-22 22:57 - 2018-09-03 00:51 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-22 15:50 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-21 20:30 - 2018-09-03 00:59 - 000000924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-21 13:22 - 2018-10-23 19:49 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-17 23:26 - 2018-09-04 20:36 - 000019593 _____ C:\Users\oldřich\Desktop\POZNÁMKY.odt
2018-11-17 17:32 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2018-11-16 22:29 - 2018-09-05 12:26 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-16 22:29 - 2018-09-05 12:26 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-16 18:16 - 2018-09-03 00:43 - 000001322 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-16 18:16 - 2018-09-03 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-16 18:14 - 2013-08-22 15:44 - 000387064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-16 08:39 - 2018-09-07 23:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 14:41 - 2018-09-05 11:07 - 000000000 ____D C:\Windows\system32\MRT
2018-11-14 14:38 - 2018-09-05 11:07 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some files in TEMP:
====================
2018-09-29 22:28 - 2018-09-29 22:28 - 040094224 _____ (Ellora Assets Corporation ) C:\Users\oldřich\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2018-11-16 18:23 - 2018-11-16 18:23 - 000192512 _____ () C:\Users\oldřich\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 18:56 - 2015-02-10 18:56 - 000105984 _____ () C:\Users\oldřich\AppData\Local\Temp\sfextra.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-03 08:14

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by oldřich (05-12-2018 12:34:11)
Running from C:\Users\oldřich\Downloads
Windows 8.1 (Update) (X64) (2018-09-02 23:27:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3829940882-3502807747-84982314-500 - Administrator - Disabled)
Guest (S-1-5-21-3829940882-3502807747-84982314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3829940882-3502807747-84982314-1004 - Limited - Enabled)
oldřich (S-1-5-21-3829940882-3502807747-84982314-1001 - Administrator - Enabled) => C:\Users\oldřich

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Airflow 1.0.0-beta6 (HKLM-x32\...\Airflow) (Version: 1.0.0-beta6 - InMethod, s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version: - )
Free AVI to MP4 Converter (32-bit) 1.2 (HKLM-x32\...\{55F62293-FD7F-4CF0-8097-8DE29EF66DC8}_is1) (Version: 1.2 - Jacek Pazera)
Free AVI to MP4 Converter 1.0 (HKLM-x32\...\{756DF96D-E40E-4B52-A53D-036E3D6AAB44}_is1) (Version: - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
MP4 Converter 3 (HKLM-x32\...\MP4 Converter_is1) (Version: - Tomabo)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
Seznam Software (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype verze 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Wondershare AllMyTube(Build 5.0.0.3) (HKLM-x32\...\AllMyTube_is1) (Version: 5.0.0.3 - Wondershare)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
World of Tanks (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~2\TOTALV~1\TVCShellExtx64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27A13939-3712-41D3-8559-A2164FE2D9BD} - System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65} => C:\Windows\system32\pcalua.exe -a G:\instalace\manažéry\TotalComander650\tcmdr650.exe -d G:\instalace\manažéry\TotalComander650
Task: {3EF9DA0A-9CB7-44EA-BC3A-1A4E9D6EBC5E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {52A2BA6F-2218-4C6C-B2A2-917B2361A4C2} - System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C} => C:\Windows\system32\pcalua.exe -a G:\instalace\manažéry\TotalComander652\tcmdr652.exe -d G:\instalace\manažéry\TotalComander652
Task: {70AB7D3F-CA75-40E0-87CD-035CD8ECEB6A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)
Task: {80023563-0D15-4461-9B93-FD382C561ECE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)
Task: {861C0CEB-00BE-48AC-A7B2-6E1746ED8606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {9464F744-C473-4B5D-B9B0-6F70B184CB1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C06E9B50-1A3E-421B-BDB6-7D11164A26EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D0F27F2C-EB1C-4A58-B3E2-529DC8E8F6EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] ()
Task: {D570BF3C-6F3F-4F22-94AD-212CBDE67FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {D7225496-DC29-4F0E-8781-25F0F4D9A7C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-02] (AVAST Software)
Task: {DC4FABA5-1000-4126-B19A-648985510B44} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-04 20:33 - 2014-07-04 20:33 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 000814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-03 18:04 - 2018-12-03 18:04 - 031311872 _____ () C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.101\pepflashplayer.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 002381152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-09-03 00:43 - 2018-11-09 19:57 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-15 18:48 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3829940882-3502807747-84982314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\oldřich\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20160830_155631.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{47C5AFD7-7C06-43C8-AFD3-AEC87A077AA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFF794E6-7114-4EB4-BB0B-8D5BA85C7D62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F53F198-0E1B-4497-9449-D048C374D171}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{52506540-54AF-4F52-B705-45AAC61EE65E}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AF7941E1-8CC3-4CA9-8F8A-A98CC2F26114}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4CBA44BB-913E-4A62-9437-34AEB2435E27}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E07B31D8-A8CC-447D-BB5E-1AB61F44B563}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FCD6E1CD-1C88-4DCC-906C-D4AFAC13DCBD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{1FCF9EC1-0F5E-4CC5-A195-0E653FA1383A}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [UDP Query User{88026E05-3FAF-43EA-A9E4-0B72BE5A23A6}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [TCP Query User{A70CA720-6A6C-49C6-BF6E-1B5E873F48CE}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [UDP Query User{EC0CE601-BECB-4BEA-BD96-54255AA8B2E3}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [TCP Query User{1C3CB269-E00B-4AEB-8443-488241435E57}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FA8BC68D-75D5-47C4-84B2-41A8F2AEADE0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E886934A-CB4A-46CE-91F2-40715C6BF21E}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [UDP Query User{D813C402-7206-4BB8-8D46-741C5CAE19CB}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [{2ECBB3F1-43A8-43C1-A7AA-672DF1295244}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{762DCA34-D993-4D76-98DE-8BF9A97E6592}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{DCB28BAC-2318-4572-A2DC-BC93890F9211}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{6A8F7677-FF92-46A2-B744-CB74C04E1405}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1208D8A3-A9C1-48AF-B70C-22AF809194FE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{BD0DE790-3E5E-431E-8E1E-AF96F9A7364B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Converter\MP4Downloader.exe] => Enabled:MP4 Downloader

==================== Restore Points =========================

27-11-2018 12:59:45 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2018 12:23:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 12:22:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.3.9600.18460, časové razítko: 0x57c1b8c1
Název chybujícího modulu: twinui.appcore.dll, verze: 6.3.9600.18423, časové razítko: 0x5793b4e5
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000c2548
ID chybujícího procesu: 0x670
Čas spuštění chybující aplikace: 0x01d48c8cd0a792c4
Cesta k chybující aplikaci: C:\Windows\Explorer.EXE
Cesta k chybujícímu modulu: C:\Windows\System32\twinui.appcore.dll
ID zprávy: 1db93108-f880-11e8-827d-d43d7e5271ef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/05/2018 12:18:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 12:18:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 11:48:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 11:48:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 11:18:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/05/2018 11:18:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (12/05/2018 12:31:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (12/05/2018 12:31:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 5krát.

Error: (12/05/2018 12:28:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (12/05/2018 12:25:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (12/05/2018 12:23:30 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/05/2018 12:23:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Store (WSService) byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (12/05/2018 12:23:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Store (WSService) byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (12/05/2018 12:22:24 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x0000007a (0xfffff6fc80a26dd8, 0xffffffffc000009d, 0x00000001690ea880, 0xfffff90144dbb008). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 120518-15578-01


Windows Defender:
===================================
Date: 2018-09-03 01:49:17.541
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-01 11:34:18.327
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:18.023
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.755
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.487
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.222
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.643
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.378
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 8191.18 MB
Available physical RAM: 5449.27 MB
Total Virtual: 16383.18 MB
Available Virtual: 13435.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:809.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0B93A2A)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: PC suspected of virus infection.

Posted: 05 Dec 2018 15:03
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 16:08
by gold
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-05-2018
# Duration: 00:00:03
# OS: Windows 8.1
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome

***** [ Chromium URLs ] *****

Deleted http://mysearch.avg.com/?cid={45DD1CF7- ... 2013-06-28 19:05:03&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
Deleted AVG Secure Search
Deleted http://mysearch.avg.com/?cid={45DD1CF7- ... 2013-06-28 19:05:03&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
Deleted AVG Secure Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1860 octets] - [05/12/2018 15:46:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 16:55
by Rudy
Post new FRST + Addition logs.

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 19:05
by gold
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by oldřich (administrator) on OLDA (06-12-2018 19:02:13)
Running from C:\Users\oldřich\Desktop
Loaded Profiles: oldřich (Available Profiles: oldřich)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [AvastBrowserAutoLaunch_D94630ADFD9E294522375000616C5DA7] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1819312 2018-11-16] (AVAST Software)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [GoogleChromeAutoLaunch_FE6A20CA7E40AA098E515C3A3E39A34B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-11-16] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2B5E2A4C-36C6-4596-B56D-BC3F15599931}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: hac9qjf3.default
FF ProfilePath: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default [2018-12-06]
FF Homepage: Mozilla\Firefox\Profiles\hac9qjf3.default -> hxxps://cz2.herozerogame.com/|hxxps://s1-cz.tanoth.gameforge.com/
FF NewTab: Mozilla\Firefox\Profiles\hac9qjf3.default -> about:newtab
FF NewTabOverride: Mozilla\Firefox\Profiles\hac9qjf3.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\sp@avast.com.xpi [2018-11-15]
FF Extension: (Avast Online Security) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\wrc@avast.com.xpi [2018-11-21]
FF SearchPlugin: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\searchplugins\google-avast.xml [2018-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi
FF Extension: (MP4 Downloader Extension) - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi [2016-07-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.myfreezoo.cz/game/","hxxps://s1-cz. ... ogame.com/"
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default [2018-12-06]
CHR Extension: (Překladač Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-09-03]
CHR Extension: (Prezentace) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-03]
CHR Extension: (Dokumenty) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-03]
CHR Extension: (Disk Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-03]
CHR Extension: (YouTube) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-03]
CHR Extension: (Adblock Plus) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Aliexpress SuperStar) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2018-11-30]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-07]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2018-09-03]
CHR Extension: (uBlock) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-23]
CHR Extension: (Tabulky) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-03]
CHR Extension: (CastBuddy) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghagedffjalchgcgdgfindabkpnmalel [2018-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (Reklamy blokátor pro YouTube ™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-09-03]
CHR Extension: (FormApps Extension) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2018-09-03]
CHR Extension: (PlayTo for Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngkenaoceimiimeokpdbmejeonaaami [2018-09-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-03]
CHR Extension: (Gmail) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-03]
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-21] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3460472 2014-11-21] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\system32\DRIVERS\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-21] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-21] (AVAST Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 19:02 - 2018-12-06 19:02 - 000017380 _____ C:\Users\oldřich\Desktop\FRST.txt
2018-12-06 01:21 - 2018-12-06 01:39 - 336434972 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x07 - Vlna zločinu.avi
2018-12-05 22:49 - 2018-12-05 23:11 - 389404528 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x06 - Pekelná noc.avi
2018-12-05 22:36 - 2018-12-05 22:40 - 974273526 _____ C:\Users\oldřich\Downloads\857 Ordinace v růžové zahradě 2 - 857.mkv
2018-12-05 22:34 - 2018-12-05 22:49 - 256114422 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x05 - Nezákonně.avi
2018-12-05 22:10 - 2018-12-05 22:14 - 434652027 _____ C:\Users\oldřich\Downloads\857 Ordinace v růžové zahradě 2 - 857.mkv.crdownload
2018-12-05 15:46 - 2018-12-05 15:46 - 000000000 ____D C:\AdwCleaner
2018-12-05 15:44 - 2018-12-05 15:44 - 007321808 _____ (Malwarebytes) C:\Users\oldřich\Downloads\adwcleaner_7.2.5.0.exe
2018-12-05 15:44 - 2018-12-05 15:44 - 007321808 _____ (Malwarebytes) C:\Users\oldřich\Desktop\adwcleaner_7.2.5.0.exe
2018-12-05 13:38 - 2018-12-05 13:38 - 000000000 __SHD C:\found.003
2018-12-05 12:34 - 2018-12-05 12:34 - 000025752 _____ C:\Users\oldřich\Downloads\Addition.txt
2018-12-05 12:33 - 2018-12-06 19:02 - 000000000 ____D C:\FRST
2018-12-05 12:33 - 2018-12-05 12:34 - 000037867 _____ C:\Users\oldřich\Downloads\FRST.txt
2018-12-05 12:29 - 2018-12-05 12:29 - 002417152 _____ (Farbar) C:\Users\oldřich\Desktop\FRST64.exe
2018-12-05 12:22 - 2018-12-05 12:22 - 000287904 _____ C:\Windows\Minidump\120518-15578-01.dmp
2018-12-03 19:49 - 2018-12-03 20:10 - 387909423 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x04 - Blesková vražda.avi
2018-12-02 23:10 - 2018-12-02 23:39 - 313053114 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x03 - Pod vlivem.avi
2018-12-02 21:46 - 2018-12-02 21:46 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-02 21:46 - 2018-12-02 21:46 - 000002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-02 21:45 - 2018-12-02 21:45 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-02 21:45 - 2018-12-02 21:45 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-02 21:29 - 2018-12-02 21:33 - 880199389 _____ C:\Users\oldřich\Downloads\856 Ordinace v růžové zahradě 2 - 856.mp4
2018-12-01 21:40 - 2018-12-01 21:40 - 000279656 _____ C:\Windows\Minidump\120118-16343-01.dmp
2018-12-01 15:26 - 2018-12-01 15:26 - 001130840 _____ (Google Inc.) C:\Users\oldřich\Downloads\ChromeSetup.exe
2018-11-30 18:42 - 2018-11-30 18:42 - 000287736 _____ C:\Windows\Minidump\113018-15250-01.dmp
2018-11-29 22:38 - 2018-11-29 22:44 - 1305274092 _____ C:\Users\oldřich\Downloads\Ready Player One - Hra zacina (2018 BluRay 720p AC3 - CZ dabing).mkv
2018-11-29 19:52 - 2018-11-29 19:53 - 476377286 _____ C:\Users\oldřich\Downloads\Modrý kód 139-Polibek brouka-28.11.18.avi
2018-11-21 17:59 - 2018-11-21 17:59 - 000279600 _____ C:\Windows\Minidump\112118-22843-01.dmp
2018-11-21 13:23 - 2018-11-21 13:22 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-16 18:23 - 2018-11-16 18:24 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-11-16 18:23 - 2018-11-16 18:23 - 000001019 _____ C:\Users\oldřich\Desktop\SpeedFan.lnk
2018-11-16 18:23 - 2018-11-16 18:23 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-11-16 18:23 - 2018-11-16 18:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-11-16 18:18 - 2018-11-16 18:18 - 000009216 ___SH C:\Users\oldřich\Downloads\Thumbs.db
2018-11-14 12:14 - 2018-10-25 01:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 12:14 - 2018-10-25 01:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 12:14 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 12:14 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 12:14 - 2018-10-16 04:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 12:14 - 2018-10-16 04:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 12:14 - 2018-10-16 04:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 12:14 - 2018-10-12 21:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 12:14 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 12:14 - 2018-10-12 21:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 12:14 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 12:14 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 12:14 - 2018-10-12 21:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 12:14 - 2018-10-12 21:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 12:14 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 12:14 - 2018-10-12 21:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 12:14 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 12:14 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 20:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 12:14 - 2018-10-12 20:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 12:14 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 12:14 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 12:14 - 2018-10-12 03:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 12:14 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 12:14 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 12:14 - 2018-10-12 02:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 12:14 - 2018-10-12 02:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 12:14 - 2018-10-12 02:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 12:14 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 12:14 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 12:14 - 2018-10-12 02:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 12:14 - 2018-10-12 02:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 12:14 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 12:14 - 2018-10-06 19:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 12:14 - 2018-10-06 19:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 12:14 - 2018-10-06 19:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 12:14 - 2018-10-06 19:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 12:14 - 2018-10-06 17:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 12:14 - 2018-10-06 16:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 12:14 - 2018-09-28 14:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 12:14 - 2018-09-28 14:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 12:14 - 2018-09-23 17:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 12:14 - 2018-09-23 17:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 17:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 12:14 - 2018-09-23 16:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-23 16:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 16:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-12 19:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 12:14 - 2018-09-11 16:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 12:14 - 2018-08-21 14:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 12:14 - 2018-08-21 14:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 12:14 - 2018-08-19 17:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 12:14 - 2018-08-19 16:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 12:14 - 2018-08-19 16:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-12 22:23 - 2018-11-12 22:26 - 671317184 _____ C:\Users\oldřich\Downloads\31s.cz - Jízda.avi
2018-11-12 22:12 - 2018-11-12 22:22 - 1746258464 _____ C:\Users\oldřich\Downloads\31s.cz - Restart.mkv
2018-11-11 22:31 - 2018-11-11 23:50 - 876217726 _____ C:\Users\oldřich\Downloads\John Wick 1 - Akční 2014 CZdab (dublsoft).mp4
2018-11-07 01:30 - 2018-11-07 01:31 - 002425125 _____ C:\Users\oldřich\Downloads\videoplayback.m4a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 16:44 - 2018-09-03 00:59 - 000000000 ____D C:\Users\oldřich\AppData\LocalLow\Mozilla
2018-12-06 15:00 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-06 14:34 - 2018-09-03 00:34 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D300AD43-1DAD-4CA1-BFE2-4610B487236A}
2018-12-06 14:13 - 2018-09-03 00:49 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-06 14:13 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\NDF
2018-12-06 13:59 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2018-12-06 02:26 - 2018-09-25 18:12 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\vlc
2018-12-05 21:08 - 2018-09-10 22:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Seznam.cz
2018-12-05 16:02 - 2018-09-03 00:33 - 000000000 ___DO C:\Users\oldřich\OneDrive
2018-12-05 16:01 - 2018-09-06 09:40 - 000000000 ____D C:\Users\oldřich\AppData\Local\CrashDumps
2018-12-05 15:58 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-05 15:47 - 2018-09-03 00:27 - 000000000 ____D C:\Users\oldřich
2018-12-05 15:45 - 2018-09-27 09:30 - 000033792 ___SH C:\Users\oldřich\Desktop\Thumbs.db
2018-12-05 15:45 - 2018-09-05 09:51 - 000030352 _____ C:\Users\oldřich\Desktop\ZOO.ods_0.ods
2018-12-05 12:22 - 2018-09-25 17:47 - 597067036 _____ C:\Windows\MEMORY.DMP
2018-12-05 12:22 - 2018-09-03 14:58 - 000000000 ____D C:\Windows\Minidump
2018-12-04 16:51 - 2018-09-03 00:37 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3829940882-3502807747-84982314-1001
2018-12-04 16:02 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-12-03 16:00 - 2014-11-21 05:53 - 001661154 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 16:00 - 2014-11-21 05:10 - 000705162 _____ C:\Windows\system32\perfh005.dat
2018-12-03 16:00 - 2014-11-21 05:10 - 000143922 _____ C:\Windows\system32\perfc005.dat
2018-12-02 21:46 - 2018-09-03 00:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-02 21:27 - 2018-09-08 16:36 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-12-01 00:43 - 2018-09-05 12:26 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 00:43 - 2018-09-05 12:26 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieSiteList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieSiteList
2018-11-30 18:46 - 2018-09-03 00:49 - 000000000 ____D C:\Users\oldřich\AppData\Local\AVAST Software
2018-11-30 18:32 - 2018-09-19 14:15 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-30 18:32 - 2018-09-07 23:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-30 18:32 - 2018-09-04 20:48 - 000003176 _____ C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}
2018-11-30 18:32 - 2018-09-04 20:45 - 000003176 _____ C:\Windows\System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65}
2018-11-30 18:32 - 2018-09-03 19:27 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-30 18:32 - 2018-09-03 01:06 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-30 18:32 - 2018-09-03 01:06 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-26 17:24 - 2018-09-03 00:48 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-22 22:57 - 2018-09-03 00:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-22 22:57 - 2018-09-03 00:51 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-21 20:30 - 2018-09-03 00:59 - 000000924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-21 13:22 - 2018-10-23 19:49 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-17 23:26 - 2018-09-04 20:36 - 000019593 _____ C:\Users\oldřich\Desktop\POZNÁMKY.odt
2018-11-17 17:32 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2018-11-16 18:16 - 2018-09-03 00:43 - 000001322 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-16 18:16 - 2018-09-03 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-16 18:14 - 2013-08-22 15:44 - 000387064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-16 08:39 - 2018-09-07 23:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 14:41 - 2018-09-05 11:07 - 000000000 ____D C:\Windows\system32\MRT
2018-11-14 14:38 - 2018-09-05 11:07 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some files in TEMP:
====================
2018-09-29 22:28 - 2018-09-29 22:28 - 040094224 _____ (Ellora Assets Corporation ) C:\Users\oldřich\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2018-11-16 18:23 - 2018-11-16 18:23 - 000192512 _____ () C:\Users\oldřich\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 18:56 - 2015-02-10 18:56 - 000105984 _____ () C:\Users\oldřich\AppData\Local\Temp\sfextra.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\appidapi.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-03 08:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by oldřich (06-12-2018 19:03:03)
Running from C:\Users\oldřich\Desktop
Windows 8.1 (Update) (X64) (2018-09-02 23:27:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3829940882-3502807747-84982314-500 - Administrator - Disabled)
Guest (S-1-5-21-3829940882-3502807747-84982314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3829940882-3502807747-84982314-1004 - Limited - Enabled)
oldřich (S-1-5-21-3829940882-3502807747-84982314-1001 - Administrator - Enabled) => C:\Users\oldřich

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Airflow 1.0.0-beta6 (HKLM-x32\...\Airflow) (Version: 1.0.0-beta6 - InMethod, s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version: - )
Free AVI to MP4 Converter (32-bit) 1.2 (HKLM-x32\...\{55F62293-FD7F-4CF0-8097-8DE29EF66DC8}_is1) (Version: 1.2 - Jacek Pazera)
Free AVI to MP4 Converter 1.0 (HKLM-x32\...\{756DF96D-E40E-4B52-A53D-036E3D6AAB44}_is1) (Version: - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
MP4 Converter 3 (HKLM-x32\...\MP4 Converter_is1) (Version: - Tomabo)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
Seznam Software (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype verze 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Wondershare AllMyTube(Build 5.0.0.3) (HKLM-x32\...\AllMyTube_is1) (Version: 5.0.0.3 - Wondershare)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
World of Tanks (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~2\TOTALV~1\TVCShellExtx64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27A13939-3712-41D3-8559-A2164FE2D9BD} - System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65} => C:\Windows\system32\pcalua.exe -a G:\instalace\manažéry\TotalComander650\tcmdr650.exe -d G:\instalace\manažéry\TotalComander650
Task: {3EF9DA0A-9CB7-44EA-BC3A-1A4E9D6EBC5E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {52A2BA6F-2218-4C6C-B2A2-917B2361A4C2} - System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C} => C:\Windows\system32\pcalua.exe -a G:\instalace\manažéry\TotalComander652\tcmdr652.exe -d G:\instalace\manažéry\TotalComander652
Task: {70AB7D3F-CA75-40E0-87CD-035CD8ECEB6A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)
Task: {80023563-0D15-4461-9B93-FD382C561ECE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)
Task: {861C0CEB-00BE-48AC-A7B2-6E1746ED8606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {9464F744-C473-4B5D-B9B0-6F70B184CB1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C06E9B50-1A3E-421B-BDB6-7D11164A26EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D0F27F2C-EB1C-4A58-B3E2-529DC8E8F6EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] ()
Task: {D570BF3C-6F3F-4F22-94AD-212CBDE67FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {D7225496-DC29-4F0E-8781-25F0F4D9A7C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-02] (AVAST Software)
Task: {DC4FABA5-1000-4126-B19A-648985510B44} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-04 20:33 - 2014-07-04 20:33 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 000814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-07-04 20:33 - 2014-07-04 20:33 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-11-20 14:05 - 2018-11-20 14:05 - 026871808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll
2018-12-03 18:04 - 2018-12-03 18:04 - 031311872 _____ () C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.101\pepflashplayer.dll
2018-09-03 00:49 - 2018-09-03 00:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-21 13:22 - 2018-11-21 13:22 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 002381152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-09-25 20:41 - 2017-03-23 08:49 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-09-25 20:41 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-15 18:48 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3829940882-3502807747-84982314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\oldřich\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20160830_155631.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{47C5AFD7-7C06-43C8-AFD3-AEC87A077AA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFF794E6-7114-4EB4-BB0B-8D5BA85C7D62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F53F198-0E1B-4497-9449-D048C374D171}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{52506540-54AF-4F52-B705-45AAC61EE65E}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AF7941E1-8CC3-4CA9-8F8A-A98CC2F26114}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4CBA44BB-913E-4A62-9437-34AEB2435E27}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E07B31D8-A8CC-447D-BB5E-1AB61F44B563}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FCD6E1CD-1C88-4DCC-906C-D4AFAC13DCBD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{1FCF9EC1-0F5E-4CC5-A195-0E653FA1383A}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [UDP Query User{88026E05-3FAF-43EA-A9E4-0B72BE5A23A6}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [TCP Query User{A70CA720-6A6C-49C6-BF6E-1B5E873F48CE}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [UDP Query User{EC0CE601-BECB-4BEA-BD96-54255AA8B2E3}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [TCP Query User{1C3CB269-E00B-4AEB-8443-488241435E57}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FA8BC68D-75D5-47C4-84B2-41A8F2AEADE0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E886934A-CB4A-46CE-91F2-40715C6BF21E}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [UDP Query User{D813C402-7206-4BB8-8D46-741C5CAE19CB}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [{2ECBB3F1-43A8-43C1-A7AA-672DF1295244}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{762DCA34-D993-4D76-98DE-8BF9A97E6592}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{DCB28BAC-2318-4572-A2DC-BC93890F9211}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{6A8F7677-FF92-46A2-B744-CB74C04E1405}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1208D8A3-A9C1-48AF-B70C-22AF809194FE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{BD0DE790-3E5E-431E-8E1E-AF96F9A7364B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Converter\MP4Downloader.exe] => Enabled:MP4 Downloader

==================== Restore Points =========================

27-11-2018 12:59:45 Naplánovaný kontrolní bod
05-12-2018 13:38:13 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2018 06:52:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 06:52:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (3664) Instance: Při zotavení či obnovení databáze došlo k neočekávané chybě -501.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 465) (User: )
Description: svchost (3664) Instance: Při částečném obnovení byl zjištěn poškozený soubor protokolu C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Záznam s chybou kontrolního součtu je umístěn na pozici END. Data neodpovídající záznamům protokolu se poprvé vyskytla v sektoru 201 (0x000000C9). Soubor je poškozený a nelze jej použít.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 477) (User: )
Description: svchost (3664) Instance: Ověření načtení rozsahu protokolu ze souboru C:\ProgramData\Microsoft\Windows\AppRepository\edb.log s posunem 823296 (0x00000000000c9000) o 4096 (0x00001000) bajtů se nezdařilo. Došlo k neshodě kontrolního součtu rozsahu. Byl očekáván kontrolní součet 9145967595214551246 (0x7eed011207ff38ce), ale skutečný kontrolní součet byl 9145967595214551246 (0x7eed011207ff38ce). Operace čtení se nezdaří a dojde k chybě -501 (0xfffffe0b). Pokud tento stav potrvá, obnovte soubor protokolu z předchozí zálohy.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 465) (User: )
Description: svchost (3664) Instance: Při částečném obnovení byl zjištěn poškozený soubor protokolu C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Záznam s chybou kontrolního součtu je umístěn na pozici END. Data neodpovídající záznamům protokolu se poprvé vyskytla v sektoru 201 (0x000000C9). Soubor je poškozený a nelze jej použít.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 477) (User: )
Description: svchost (3664) Instance: Ověření načtení rozsahu protokolu ze souboru C:\ProgramData\Microsoft\Windows\AppRepository\edb.log s posunem 823296 (0x00000000000c9000) o 4096 (0x00001000) bajtů se nezdařilo. Došlo k neshodě kontrolního součtu rozsahu. Byl očekáván kontrolní součet 9145967595214551246 (0x7eed011207ff38ce), ale skutečný kontrolní součet byl 9145967595214551246 (0x7eed011207ff38ce). Operace čtení se nezdaří a dojde k chybě -501 (0xfffffe0b). Pokud tento stav potrvá, obnovte soubor protokolu z předchozí zálohy.

Error: (12/06/2018 06:36:23 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (3664) Instance: Při zotavení či obnovení databáze došlo k neočekávané chybě -501.


System errors:
=============
Error: (12/06/2018 06:59:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (12/06/2018 06:54:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Store (WSService) byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (12/06/2018 06:52:08 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 06:52:08 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 06:52:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Store (WSService) byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (12/06/2018 06:41:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby AppX Deployment Service (AppXSVC), ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (12/06/2018 06:38:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby AppX Deployment Service (AppXSVC), ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (12/06/2018 06:36:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 7krát.


Windows Defender:
===================================
Date: 2018-09-03 01:49:17.541
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-01 11:34:18.327
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:18.023
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.755
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.487
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.222
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.643
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.378
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 74%
Total physical RAM: 8191.18 MB
Available physical RAM: 2108.45 MB
Total Virtual: 16383.18 MB
Available Virtual: 8909.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:806.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0B93A2A)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 20:19
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}
C:\Windows\System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65}
C:\Users\oldřich\AppData\Local\Temp
C:\Windows\SysWOW64\appidapi.dll
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~2\TOTALV~1\TVCShellExtx64.dll -> No File
Task: {52A2BA6F-2218-4C6C-B2A2-917B2361A4C2} - System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C} => C:\Windows\system32\pcalua.exe -a G:\instalace\manažéry\TotalComander652\tcmdr652.exe -d G:\instalace\manažéry\TotalComander652
Task: {861C0CEB-00BE-48AC-A7B2-6E1746ED8606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {D570BF3C-6F3F-4F22-94AD-212CBDE67FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:02
by gold
Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by oldřich (06-12-2018 20:46:24) Run:1
Running from C:\Users\oldřich\Desktop
Loaded Profiles: oldřich (Available Profiles: oldřich)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}
C:\Windows\System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65}
C:\Users\old�ich\AppData\Local\Temp
C:\Windows\SysWOW64\appidapi.dll
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\PROGRA~2\TOTALV~1\TVCShellExtx64.dll -> No File
Task: {52A2BA6F-2218-4C6C-B2A2-917B2361A4C2} - System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C} => C:\Windows\system32\pcalua.exe -a G:\instalace\mana��ry\TotalComander652\tcmdr652.exe -d G:\instalace\mana��ry\TotalComander652
Task: {861C0CEB-00BE-48AC-A7B2-6E1746ED8606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)
Task: {D570BF3C-6F3F-4F22-94AD-212CBDE67FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-02] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C} => moved successfully
C:\Windows\System32\Tasks\{576B81E5-DBBC-464F-82A9-F59EE703EA65} => moved successfully
"C:\Users\old�ich\AppData\Local\Temp" => not found
C:\Windows\SysWOW64\appidapi.dll => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt => removed successfully
HKLM\Software\Classes\CLSID\{4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52A2BA6F-2218-4C6C-B2A2-917B2361A4C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52A2BA6F-2218-4C6C-B2A2-917B2361A4C2}" => removed successfully
"C:\Windows\System32\Tasks\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{88BB4075-CDE1-4920-A443-5F07D09E1A1C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{861C0CEB-00BE-48AC-A7B2-6E1746ED8606}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861C0CEB-00BE-48AC-A7B2-6E1746ED8606}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D570BF3C-6F3F-4F22-94AD-212CBDE67FA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D570BF3C-6F3F-4F22-94AD-212CBDE67FA1}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15545235 B
Java, Flash, Steam htmlcache => 2363 B
Windows/system/drivers => 12865291 B
Edge => 0 B
Chrome => 625655479 B
Firefox => 1077404498 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 249229 B
systemprofile32 => 0 B
LocalService => 110036 B
NetworkService => 0 B
oldřich => 479270815 B

RecycleBin => 52080813136 B
EmptyTemp: => 50.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:49:31 ====

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:03
by Rudy
Deleted, the log should be OK now.

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:12
by gold
OK, thank you, have a nice evening.

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:14
by gold
Should I send another log?

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:53
by gold
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by oldřich (administrator) on OLDA (06-12-2018 21:49:18)
Running from C:\Users\oldřich\Desktop
Loaded Profiles: oldřich (Available Profiles: oldřich)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Wargaming.net) C:\Games\World_of_Tanks\WargamingGameUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-21] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [AvastBrowserAutoLaunch_D94630ADFD9E294522375000616C5DA7] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1819312 2018-11-16] (AVAST Software)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [World of Tanks] => C:\Games\World_of_Tanks\WargamingGameUpdater.exe [3139936 2018-06-25] (Wargaming.net)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\oldřich\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] ()
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\Run: [GoogleChromeAutoLaunch_FE6A20CA7E40AA098E515C3A3E39A34B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589080 2018-11-16] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2B5E2A4C-36C6-4596-B56D-BC3F15599931}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: hac9qjf3.default
FF ProfilePath: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default [2018-12-06]
FF Homepage: Mozilla\Firefox\Profiles\hac9qjf3.default -> hxxps://cz2.herozerogame.com/|hxxps://s1-cz.tanoth.gameforge.com/
FF NewTab: Mozilla\Firefox\Profiles\hac9qjf3.default -> about:newtab
FF NewTabOverride: Mozilla\Firefox\Profiles\hac9qjf3.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\sp@avast.com.xpi [2018-11-15]
FF Extension: (Avast Online Security) - C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\Extensions\wrc@avast.com.xpi [2018-11-21]
FF SearchPlugin: C:\Users\oldřich\AppData\Roaming\Mozilla\Firefox\Profiles\hac9qjf3.default\searchplugins\google-avast.xml [2018-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{8B1E27AE-119E-456b-B22E-08C61FACB097}] - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi
FF Extension: (MP4 Downloader Extension) - C:\Program Files (x86)\Tomabo\MP4 Converter\MP4D_FF.xpi [2016-07-26] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.myfreezoo.cz/game/","hxxps://s1-cz. ... ogame.com/"
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default [2018-12-06]
CHR Extension: (Překladač Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-09-03]
CHR Extension: (Prezentace) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-03]
CHR Extension: (Dokumenty) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-03]
CHR Extension: (Disk Google) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-03]
CHR Extension: (YouTube) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-03]
CHR Extension: (Adblock Plus) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-04]
CHR Extension: (Aliexpress SuperStar) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2018-11-30]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2018-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-07]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2018-09-03]
CHR Extension: (uBlock) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-11-23]
CHR Extension: (Tabulky) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-03]
CHR Extension: (CastBuddy) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghagedffjalchgcgdgfindabkpnmalel [2018-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]
CHR Extension: (Reklamy blokátor pro YouTube ™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-09-03]
CHR Extension: (FormApps Extension) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2018-09-03]
CHR Extension: (PlayTo for Chromecast™) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngkenaoceimiimeokpdbmejeonaaami [2018-09-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-03]
CHR Extension: (Gmail) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-03]
CHR Profile: C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-21] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-21] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-03] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 WSService; C:\Windows\System32\WSService.dll [3460472 2014-11-21] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\system32\DRIVERS\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-11-21] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-11-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-11-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-11-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-11-26] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-11-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-11-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-11-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-11-21] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-11-21] (AVAST Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 20:46 - 2018-12-06 20:49 - 000004011 _____ C:\Users\oldřich\Desktop\Fixlog.txt
2018-12-06 19:03 - 2018-12-06 19:04 - 000026978 _____ C:\Users\oldřich\Desktop\Addition.txt
2018-12-06 19:02 - 2018-12-06 21:50 - 000016293 _____ C:\Users\oldřich\Desktop\FRST.txt
2018-12-06 01:21 - 2018-12-06 01:39 - 336434972 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x07 - Vlna zločinu.avi
2018-12-05 22:49 - 2018-12-05 23:11 - 389404528 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x06 - Pekelná noc.avi
2018-12-05 22:36 - 2018-12-05 22:40 - 974273526 _____ C:\Users\oldřich\Downloads\857 Ordinace v růžové zahradě 2 - 857.mkv
2018-12-05 22:34 - 2018-12-05 22:49 - 256114422 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x05 - Nezákonně.avi
2018-12-05 22:10 - 2018-12-05 22:14 - 434652027 _____ C:\Users\oldřich\Downloads\857 Ordinace v růžové zahradě 2 - 857.mkv.crdownload
2018-12-05 15:46 - 2018-12-05 15:46 - 000000000 ____D C:\AdwCleaner
2018-12-05 15:44 - 2018-12-05 15:44 - 007321808 _____ (Malwarebytes) C:\Users\oldřich\Downloads\adwcleaner_7.2.5.0.exe
2018-12-05 15:44 - 2018-12-05 15:44 - 007321808 _____ (Malwarebytes) C:\Users\oldřich\Desktop\adwcleaner_7.2.5.0.exe
2018-12-05 13:38 - 2018-12-05 13:38 - 000000000 __SHD C:\found.003
2018-12-05 12:34 - 2018-12-05 12:34 - 000025752 _____ C:\Users\oldřich\Downloads\Addition.txt
2018-12-05 12:33 - 2018-12-06 21:49 - 000000000 ____D C:\FRST
2018-12-05 12:33 - 2018-12-05 12:34 - 000037867 _____ C:\Users\oldřich\Downloads\FRST.txt
2018-12-05 12:29 - 2018-12-05 12:29 - 002417152 _____ (Farbar) C:\Users\oldřich\Desktop\FRST64.exe
2018-12-05 12:22 - 2018-12-05 12:22 - 000287904 _____ C:\Windows\Minidump\120518-15578-01.dmp
2018-12-03 19:49 - 2018-12-03 20:10 - 387909423 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x04 - Blesková vražda.avi
2018-12-02 23:10 - 2018-12-02 23:39 - 313053114 _____ C:\Users\oldřich\Downloads\Kriminálka Miami 03x03 - Pod vlivem.avi
2018-12-02 21:46 - 2018-12-02 21:46 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-02 21:46 - 2018-12-02 21:46 - 000002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-02 21:29 - 2018-12-02 21:33 - 880199389 _____ C:\Users\oldřich\Downloads\856 Ordinace v růžové zahradě 2 - 856.mp4
2018-12-01 21:40 - 2018-12-01 21:40 - 000279656 _____ C:\Windows\Minidump\120118-16343-01.dmp
2018-12-01 15:26 - 2018-12-01 15:26 - 001130840 _____ (Google Inc.) C:\Users\oldřich\Downloads\ChromeSetup.exe
2018-11-30 18:42 - 2018-11-30 18:42 - 000287736 _____ C:\Windows\Minidump\113018-15250-01.dmp
2018-11-29 22:38 - 2018-11-29 22:44 - 1305274092 _____ C:\Users\oldřich\Downloads\Ready Player One - Hra zacina (2018 BluRay 720p AC3 - CZ dabing).mkv
2018-11-29 19:52 - 2018-11-29 19:53 - 476377286 _____ C:\Users\oldřich\Downloads\Modrý kód 139-Polibek brouka-28.11.18.avi
2018-11-21 17:59 - 2018-11-21 17:59 - 000279600 _____ C:\Windows\Minidump\112118-22843-01.dmp
2018-11-21 13:23 - 2018-11-21 13:22 - 000378584 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-11-16 18:23 - 2018-11-16 18:24 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-11-16 18:23 - 2018-11-16 18:23 - 000001019 _____ C:\Users\oldřich\Desktop\SpeedFan.lnk
2018-11-16 18:23 - 2018-11-16 18:23 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-11-16 18:23 - 2018-11-16 18:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-11-16 18:18 - 2018-11-16 18:18 - 000009216 ___SH C:\Users\oldřich\Downloads\Thumbs.db
2018-11-14 12:14 - 2018-10-25 01:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 12:14 - 2018-10-25 01:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 12:14 - 2018-10-25 01:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 12:14 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 12:14 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 12:14 - 2018-10-16 04:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 12:14 - 2018-10-16 04:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 12:14 - 2018-10-16 04:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 12:14 - 2018-10-16 04:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 12:14 - 2018-10-16 04:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 12:14 - 2018-10-12 21:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 12:14 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 12:14 - 2018-10-12 21:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 12:14 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 12:14 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 12:14 - 2018-10-12 21:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 12:14 - 2018-10-12 21:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 12:14 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 12:14 - 2018-10-12 21:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 12:14 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 12:14 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 20:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 12:14 - 2018-10-12 20:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 12:14 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 12:14 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 12:14 - 2018-10-12 03:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 12:14 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 12:14 - 2018-10-12 03:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 12:14 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 12:14 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 12:14 - 2018-10-12 02:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 12:14 - 2018-10-12 02:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 12:14 - 2018-10-12 02:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 12:14 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 12:14 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 12:14 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 12:14 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 12:14 - 2018-10-12 02:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 12:14 - 2018-10-12 02:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 12:14 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 12:14 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 12:14 - 2018-10-06 19:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 12:14 - 2018-10-06 19:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 12:14 - 2018-10-06 19:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 12:14 - 2018-10-06 19:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 12:14 - 2018-10-06 17:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 12:14 - 2018-10-06 16:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 12:14 - 2018-10-06 16:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 12:14 - 2018-09-28 14:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 12:14 - 2018-09-28 14:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 12:14 - 2018-09-23 17:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 12:14 - 2018-09-23 17:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 12:14 - 2018-09-23 17:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 12:14 - 2018-09-23 17:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 12:14 - 2018-09-23 17:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 12:14 - 2018-09-23 17:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 17:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 12:14 - 2018-09-23 16:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-23 16:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 12:14 - 2018-09-23 16:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 12:14 - 2018-09-23 16:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 12:14 - 2018-09-12 19:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 12:14 - 2018-09-11 16:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 12:14 - 2018-08-26 04:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 12:14 - 2018-08-26 02:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 12:14 - 2018-08-21 14:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 12:14 - 2018-08-21 14:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 12:14 - 2018-08-19 17:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 12:14 - 2018-08-19 16:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 12:14 - 2018-08-19 16:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-12 22:23 - 2018-11-12 22:26 - 671317184 _____ C:\Users\oldřich\Downloads\31s.cz - Jízda.avi
2018-11-12 22:12 - 2018-11-12 22:22 - 1746258464 _____ C:\Users\oldřich\Downloads\31s.cz - Restart.mkv
2018-11-11 22:31 - 2018-11-11 23:50 - 876217726 _____ C:\Users\oldřich\Downloads\John Wick 1 - Akční 2014 CZdab (dublsoft).mp4
2018-11-07 01:30 - 2018-11-07 01:31 - 002425125 _____ C:\Users\oldřich\Downloads\videoplayback.m4a

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 21:47 - 2018-09-03 00:34 - 000003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D300AD43-1DAD-4CA1-BFE2-4610B487236A}
2018-12-06 21:02 - 2018-09-10 22:23 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\Seznam.cz
2018-12-06 20:58 - 2018-09-03 00:33 - 000000000 ___DO C:\Users\oldřich\OneDrive
2018-12-06 20:57 - 2018-09-06 09:40 - 000000000 ____D C:\Users\oldřich\AppData\Local\CrashDumps
2018-12-06 20:56 - 2018-09-27 09:30 - 000033792 ___SH C:\Users\oldřich\Desktop\Thumbs.db
2018-12-06 20:54 - 2013-08-22 15:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-06 20:52 - 2013-08-22 14:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-12-06 16:44 - 2018-09-03 00:59 - 000000000 ____D C:\Users\oldřich\AppData\LocalLow\Mozilla
2018-12-06 15:00 - 2013-08-22 16:20 - 000000000 ____D C:\Windows\CbsTemp
2018-12-06 14:13 - 2018-09-03 00:49 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-12-06 14:13 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\NDF
2018-12-06 13:59 - 2013-08-22 14:36 - 000000000 ____D C:\Windows\Inf
2018-12-06 02:26 - 2018-09-25 18:12 - 000000000 ____D C:\Users\oldřich\AppData\Roaming\vlc
2018-12-05 15:47 - 2018-09-03 00:27 - 000000000 ____D C:\Users\oldřich
2018-12-05 15:45 - 2018-09-05 09:51 - 000030352 _____ C:\Users\oldřich\Desktop\ZOO.ods_0.ods
2018-12-05 12:22 - 2018-09-25 17:47 - 597067036 _____ C:\Windows\MEMORY.DMP
2018-12-05 12:22 - 2018-09-03 14:58 - 000000000 ____D C:\Windows\Minidump
2018-12-04 16:51 - 2018-09-03 00:37 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3829940882-3502807747-84982314-1001
2018-12-03 16:00 - 2014-11-21 05:53 - 001661154 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-03 16:00 - 2014-11-21 05:10 - 000705162 _____ C:\Windows\system32\perfh005.dat
2018-12-03 16:00 - 2014-11-21 05:10 - 000143922 _____ C:\Windows\system32\perfc005.dat
2018-12-02 21:46 - 2018-09-03 00:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-02 21:27 - 2018-09-08 16:36 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-12-01 00:43 - 2018-09-05 12:26 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 00:43 - 2018-09-05 12:26 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\LocalLow\EmieSiteList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieUserList
2018-11-30 18:54 - 2018-09-03 00:34 - 000000000 __SHD C:\Users\oldřich\AppData\Local\EmieSiteList
2018-11-30 18:46 - 2018-09-03 00:49 - 000000000 ____D C:\Users\oldřich\AppData\Local\AVAST Software
2018-11-30 18:32 - 2018-09-19 14:15 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-30 18:32 - 2018-09-07 23:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-30 18:32 - 2018-09-03 19:27 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-30 18:32 - 2018-09-03 01:06 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-30 18:32 - 2018-09-03 01:06 - 000004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-26 17:24 - 2018-09-03 00:48 - 000239840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-23 21:46 - 2018-09-03 00:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-22 22:57 - 2018-09-03 00:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-11-22 22:57 - 2018-09-03 00:51 - 000002406 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-11-21 20:30 - 2018-09-03 00:59 - 000000924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-21 13:22 - 2018-10-23 19:49 - 000042288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 001028680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000469272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000380464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000346592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000230344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000208472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000201240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000163208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000111800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000087432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000059496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-11-21 13:22 - 2018-09-03 00:48 - 000046384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-11-20 14:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-17 23:26 - 2018-09-04 20:36 - 000019593 _____ C:\Users\oldřich\Desktop\POZNÁMKY.odt
2018-11-17 17:32 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\rescache
2018-11-16 18:16 - 2018-09-03 00:43 - 000001322 _____ C:\Users\Public\Desktop\Skype.lnk
2018-11-16 18:16 - 2018-09-03 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-11-16 18:14 - 2013-08-22 15:44 - 000387064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-16 08:39 - 2018-09-07 23:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 14:41 - 2018-09-05 11:07 - 000000000 ____D C:\Windows\system32\MRT
2018-11-14 14:38 - 2018-09-05 11:07 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-03 08:14

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by oldřich (06-12-2018 21:52:09)
Running from C:\Users\oldřich\Desktop
Windows 8.1 (Update) (X64) (2018-09-02 23:27:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3829940882-3502807747-84982314-500 - Administrator - Disabled)
Guest (S-1-5-21-3829940882-3502807747-84982314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3829940882-3502807747-84982314-1004 - Limited - Enabled)
oldřich (S-1-5-21-3829940882-3502807747-84982314-1001 - Administrator - Enabled) => C:\Users\oldřich

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Airflow 1.0.0-beta6 (HKLM-x32\...\Airflow) (Version: 1.0.0-beta6 - InMethod, s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.0.917.103 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Eusing Free MP3 Cutter (HKLM-x32\...\Eusing Free MP3 Cutter) (Version: - )
Free AVI to MP4 Converter (32-bit) 1.2 (HKLM-x32\...\{55F62293-FD7F-4CF0-8097-8DE29EF66DC8}_is1) (Version: 1.2 - Jacek Pazera)
Free AVI to MP4 Converter 1.0 (HKLM-x32\...\{756DF96D-E40E-4B52-A53D-036E3D6AAB44}_is1) (Version: - PolySoft Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.2 - Mozilla)
MP4 Converter 3 (HKLM-x32\...\MP4 Converter_is1) (Version: - Tomabo)
OpenOffice 4.1.5 (HKLM-x32\...\{2FEA9841-64DE-4FA5-A36F-1CD23E2790EB}) (Version: 4.15.9789 - Apache Software Foundation)
Seznam Software (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Skype verze 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Wondershare AllMyTube(Build 5.0.0.3) (HKLM-x32\...\AllMyTube_is1) (Version: 5.0.0.3 - Wondershare)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
World of Tanks (HKU\S-1-5-21-3829940882-3502807747-84982314-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers1: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers1: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-21] (AVAST Software)
ContextMenuHandlers6: [Tomabo.MP4Converter] -> {67A979E9-C5A6-4C0F-B0B7-FB516406FA9E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4C_WS.dll [2015-07-21] (Tomabo)
ContextMenuHandlers6: [Tomabo.MP4Player] -> {DA4F8B8B-91CF-43AD-BB0B-B52BF770DA3E} => C:\Program Files (x86)\Tomabo\MP4 Converter\MP4P_WS.dll [2015-07-21] (Tomabo)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27A13939-3712-41D3-8559-A2164FE2D9BD} - \{576B81E5-DBBC-464F-82A9-F59EE703EA65} -> No File <==== ATTENTION
Task: {3EF9DA0A-9CB7-44EA-BC3A-1A4E9D6EBC5E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {70AB7D3F-CA75-40E0-87CD-035CD8ECEB6A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)
Task: {80023563-0D15-4461-9B93-FD382C561ECE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-21] (AVAST Software)
Task: {9464F744-C473-4B5D-B9B0-6F70B184CB1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {C06E9B50-1A3E-421B-BDB6-7D11164A26EA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {D0F27F2C-EB1C-4A58-B3E2-529DC8E8F6EC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] ()
Task: {D7225496-DC29-4F0E-8781-25F0F4D9A7C2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-02] (AVAST Software)
Task: {DC4FABA5-1000-4126-B19A-648985510B44} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-03] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-04 20:33 - 2014-07-04 20:33 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 000814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 003650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-12-02 21:46 - 2018-11-16 06:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-03 18:04 - 2018-12-03 18:04 - 031311872 _____ () C:\Users\oldřich\AppData\Local\Google\Chrome\User Data\PepperFlash\32.0.0.101\pepflashplayer.dll
2014-07-04 20:33 - 2014-07-04 20:33 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-09-03 00:49 - 2018-09-03 00:49 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-21 13:22 - 2018-11-21 13:22 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 002381152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-09-25 20:41 - 2017-03-23 08:49 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-09-25 20:41 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-09-03 00:43 - 2018-11-09 19:57 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-11-16 18:16 - 2018-11-09 19:57 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-11-16 18:16 - 2018-11-09 19:57 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-15 18:48 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3829940882-3502807747-84982314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\oldřich\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20160830_155631.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{47C5AFD7-7C06-43C8-AFD3-AEC87A077AA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CFF794E6-7114-4EB4-BB0B-8D5BA85C7D62}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F53F198-0E1B-4497-9449-D048C374D171}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{52506540-54AF-4F52-B705-45AAC61EE65E}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AF7941E1-8CC3-4CA9-8F8A-A98CC2F26114}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4CBA44BB-913E-4A62-9437-34AEB2435E27}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E07B31D8-A8CC-447D-BB5E-1AB61F44B563}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{FCD6E1CD-1C88-4DCC-906C-D4AFAC13DCBD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [TCP Query User{1FCF9EC1-0F5E-4CC5-A195-0E653FA1383A}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [UDP Query User{88026E05-3FAF-43EA-A9E4-0B72BE5A23A6}C:\users\oldřich\downloads\odorik.exe] => (Allow) C:\users\oldřich\downloads\odorik.exe
FirewallRules: [TCP Query User{A70CA720-6A6C-49C6-BF6E-1B5E873F48CE}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [UDP Query User{EC0CE601-BECB-4BEA-BD96-54255AA8B2E3}C:\users\oldřich\desktop\odorik.exe] => (Allow) C:\users\oldřich\desktop\odorik.exe
FirewallRules: [TCP Query User{1C3CB269-E00B-4AEB-8443-488241435E57}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FA8BC68D-75D5-47C4-84B2-41A8F2AEADE0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{E886934A-CB4A-46CE-91F2-40715C6BF21E}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [UDP Query User{D813C402-7206-4BB8-8D46-741C5CAE19CB}C:\program files (x86)\airflow\airflow.exe] => (Allow) C:\program files (x86)\airflow\airflow.exe
FirewallRules: [{2ECBB3F1-43A8-43C1-A7AA-672DF1295244}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{762DCA34-D993-4D76-98DE-8BF9A97E6592}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{DCB28BAC-2318-4572-A2DC-BC93890F9211}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{6A8F7677-FF92-46A2-B744-CB74C04E1405}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{1208D8A3-A9C1-48AF-B70C-22AF809194FE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{BD0DE790-3E5E-431E-8E1E-AF96F9A7364B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Converter\MP4Downloader.exe] => Enabled:MP4 Downloader

==================== Restore Points =========================

27-11-2018 12:59:45 Naplánovaný kontrolní bod
05-12-2018 13:38:13 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2018 09:19:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 09:19:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 09:08:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 09:08:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 09:08:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (12/06/2018 08:57:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program wszndesktop.exe.

Program: wszndesktop.exe
Soubor:

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: 00000000
Typ disku: 0

Error: (12/06/2018 08:57:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wszndesktop.exe, verze: 0.0.0.0, časové razítko: 0x55645b41
Název chybujícího modulu: ntdll.dll, verze: 6.3.9600.18895, časové razítko: 0x5a4b127e
Kód výjimky: 0xc000012f
Posun chyby: 0x0009d4e2
ID chybujícího procesu: 0x12e0
Čas spuštění chybující aplikace: 0x01d48d9ddd80098b
Cesta k chybující aplikaci: C:\Users\oldřich\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 2c23b68e-f991-11e8-827f-d43d7e5271ef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/06/2018 08:55:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OLDA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (12/06/2018 09:19:31 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 09:19:31 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 09:19:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 8krát.

Error: (12/06/2018 09:08:04 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 09:08:04 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 09:08:04 PM) (Source: DCOM) (EventID: 10001) (User: OLDA)
Description: Nelze spustit server DCOM: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
15612
při provádění příkazu:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server

Error: (12/06/2018 09:08:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 7krát.

Error: (12/06/2018 09:01:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Služba Windows Store (WSService) byla neočekávaně ukončena. Tento stav nastal již 6krát.


Windows Defender:
===================================
Date: 2018-09-03 01:49:17.541
Description:
Funkce Ochrana v reálném čase u prohledávání Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2018-12-01 11:34:18.327
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:18.023
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.755
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.487
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:17.222
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.643
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-12-01 11:34:16.378
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 55%
Total physical RAM: 8191.18 MB
Available physical RAM: 3671.64 MB
Total Virtual: 16383.18 MB
Available Virtual: 11311.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:857.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C0B93A2A)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 21:59
by Rudy
You didn't have to, but I can see that it really is OK. You're welcome, and have a nice day! :)

Re: PC suspected of virus infection.

Posted: 06 Dec 2018 22:06
by gold
Thank you for the perfect help.

Re: PC suspected of virus infection.

Posted: 07 Dec 2018 09:57
by Rudy
My pleasure! :)