Disk na 100%

[vruss1]

Prosím o kontrolu, notebook se chová nestandardně. Disk na 100%, programy se ukončují, nelze spustit video soubory.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019
Ran by Jiri (administrator) on DESKTOP-L2L7HIU (15-04-2019 19:42:46)
Running from C:\Users\Jiri\Desktop
Loaded Profiles: Jiri (Available Profiles: Jiri)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Config.Msi\238c09e0.rbf
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Update\Install\{AA4120D1-25AA-47C0-BD20-0C06A3CAD87C}\73.0.3683.103_73.0.3683.86_chrome_updater.exe
(Google LLC -> Google Inc.) C:\Windows\Temp\CR_FF971.tmp\setup.exe
(Google LLC -> Google Inc.) C:\Windows\Temp\CR_FF971.tmp\setup.exe
(Garmin International, Inc. -> ) C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Windows\Temp\tmp9EFA.tmp.exe
(Garmin International, Inc. -> Garmin Ltd or its subsidiaries) C:\Windows\Temp\{D75D493D-3398-4097-B7BB-C551651D758D}\.cr\tmp9EFA.tmp.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-22] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Jiri\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Jiri\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\MountPoints2: {9fa28602-a234-11e8-b215-dc85de76bb80} - "F:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-28] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{7c382922-46e5-4d4b-b78b-15faae9beefe}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9ef98ba5-cf11-479e-a387-f67dbf94db0e}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c7640d68-af04-4ce3-b668-d6351c6edae5}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{e9659b41-11db-49a7-86c1-2eeb6b95d5c8}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-23] (DVDVideoSoft Ltd. -> DVDVideoSoft Ltd.) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-12-23] (DVDVideoSoft Ltd. -> DVDVideoSoft Ltd.) [File not signed]

FireFox:
========
FF DefaultProfile: xlz3hdwq.default
FF ProfilePath: C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default [2019-04-15]
FF Homepage: Mozilla\Firefox\Profiles\xlz3hdwq.default -> hxxps://www.seznam.cz/
FF HomepageOverride: Mozilla\Firefox\Profiles\xlz3hdwq.default -> Disabled: _ceMembers_@free.easypdfcombine.com
FF NewTabOverride: Mozilla\Firefox\Profiles\xlz3hdwq.default -> Disabled: _ceMembers_@free.easypdfcombine.com
FF Extension: (Seznam doplněk - Esko) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\Extensions\sko-extension@firma.seznam.cz.xpi [2019-02-16]
FF Extension: (EasyPDFCombine) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\Extensions\_ceMembers_@free.easypdfcombine.com.xpi [2019-03-08] [UpdateUrl:hxxps:\/\/updates.tb.ask.com\/updateXpi.json?id=222529105&version=8.885.14.57860&track=TTAB02&trackRevision=1&fromId=_ceMembers_%40free.easypdfcombine.com&isBridgeExtension=false]
FF Extension: (Seznam doplněk - Email) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-11-22]
FF Extension: (No Name) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2017-09-11] [Legacy] [not signed]
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default [2019-04-08]
CHR Extension: (Dokumenty) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-15]
CHR Extension: (Disk Google) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-21]
CHR Extension: (YouTube) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-21]
CHR Extension: (Gmail) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-10]
CHR Extension: (Chrome Media Router) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-04] (Intel(R) pGFX -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\WINDOWS\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> ) [File not signed]
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-08-03] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvpciflt.sys [48072 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-15 19:42 - 2019-04-15 19:44 - 000016916 _____ C:\Users\Jiri\Desktop\FRST.txt
2019-04-15 19:39 - 2019-04-15 19:42 - 000011153 _____ C:\Users\Jiri\Downloads\Addition.txt
2019-04-15 19:34 - 2019-04-15 19:42 - 000024978 _____ C:\Users\Jiri\Downloads\FRST.txt
2019-04-15 19:33 - 2019-04-15 19:34 - 000000000 ____D C:\FRST
2019-04-15 19:30 - 2019-04-15 19:31 - 002434048 _____ (Farbar) C:\Users\Jiri\Desktop\FRST64.exe
2019-04-08 21:24 - 2019-04-08 21:24 - 021205512 _____ (Piriform Software Ltd) C:\Users\Jiri\Downloads\ccsetup555.exe
2019-04-08 21:13 - 2019-04-15 19:20 - 000007625 _____ C:\Users\Jiri\AppData\Local\resmon.resmoncfg
2019-04-08 20:56 - 2019-04-08 20:56 - 000000000 __SHD C:\found.000
2019-04-08 20:09 - 2019-04-08 20:09 - 000000000 ____D C:\Users\Jiri\AppData\Local\D3DSCache
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\WinRAR
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-01 03:00 - 2019-04-01 03:01 - 000000000 ____D C:\Program Files\WinRAR
2019-04-01 02:59 - 2019-04-01 02:59 - 003122016 _____ (Alexander Roshal) C:\Users\Jiri\Downloads\winrar-x64-561.exe
2019-03-31 18:28 - 2019-03-31 23:08 - 3102027521 _____ C:\Users\Jiri\Downloads\S Jakubem v přírodě II. (12 dílů) (2017) 720x404 XviD 2pass_rbbs.rar
2019-03-31 18:15 - 2019-03-31 18:54 - 000000000 ____D C:\Users\Jiri\Downloads\A.Prayer.Before.Dawn.2017.WEB-DL.XviD.AC3-FGT
2019-03-31 18:10 - 2019-03-31 18:41 - 000000000 ____D C:\Users\Jiri\Downloads\Alpha.2018.1080p.WEB-DL.DD5.1.H264-FGT
2019-03-31 17:55 - 2019-03-31 18:43 - 873140377 _____ C:\Users\Jiri\Downloads\Vikingove_S05E13_Nový bůh_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:55 - 2019-03-31 18:07 - 872463364 _____ C:\Users\Jiri\Downloads\Vikingove_S05E14_Ztracený okamžik_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:54 - 2019-03-31 18:48 - 896646851 _____ C:\Users\Jiri\Downloads\Vikingove_S05E12_Nejodpornější vražda_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:54 - 2019-03-31 18:40 - 900408374 _____ C:\Users\Jiri\Downloads\Vikingove_S05E11_Odhalení_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 01:32 - 2019-03-31 01:35 - 000000000 ____D C:\Users\Jiri\Downloads\S Jakubem na rybách 1.série (2017)

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-15 19:42 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-15 19:42 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-15 19:38 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-15 19:32 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-15 19:19 - 2018-11-16 10:50 - 000000000 ____D C:\Program Files\rempl
2019-04-15 19:18 - 2017-01-31 13:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-15 19:14 - 2017-04-17 19:19 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-04-15 19:11 - 2017-01-31 13:50 - 000000000 ____D C:\Users\Jiri\AppData\LocalLow\Mozilla
2019-04-15 19:09 - 2017-01-31 11:02 - 000000000 __SHD C:\Users\Jiri\IntelGraphicsProfiles
2019-04-08 21:49 - 2017-08-14 23:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-08 21:44 - 2018-06-18 05:35 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-08 21:44 - 2018-04-12 17:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-08 21:44 - 2018-04-12 17:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-08 21:44 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-08 21:38 - 2018-06-18 05:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-08 21:37 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-08 21:32 - 2017-02-03 23:25 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\uTorrent
2019-04-08 21:28 - 2018-07-26 04:19 - 000000000 ____D C:\Users\Jiri\AppData\Local\CrashDumps
2019-04-08 21:28 - 2018-06-17 20:04 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-08 21:28 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 21:11 - 2018-06-18 05:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-08 20:46 - 2016-04-19 13:14 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-08 20:24 - 2018-04-15 19:40 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\Seznam.cz
2019-04-08 20:13 - 2018-06-18 05:22 - 000000000 ____D C:\Users\Jiri
2019-04-08 20:06 - 2018-06-18 05:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-04 22:33 - 2018-10-02 18:17 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-04-04 22:33 - 2018-06-21 19:10 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-04 22:33 - 2018-06-21 19:10 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-04 22:33 - 2018-06-18 05:46 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-04 22:33 - 2018-06-18 05:46 - 000002866 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2019-04-04 22:33 - 2018-06-18 05:46 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891661057-2910923079-390476046-1005
2019-04-04 22:33 - 2018-06-18 05:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-04 22:33 - 2017-01-31 19:07 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\vlc
2019-03-31 06:04 - 2016-04-21 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-31 01:26 - 2016-04-21 15:07 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-28 23:25 - 2018-06-21 19:11 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-28 23:25 - 2018-06-21 19:11 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-28 22:54 - 2018-06-18 05:22 - 000002358 _____ C:\Users\Jiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-28 22:54 - 2017-06-30 17:41 - 000000000 ___RD C:\Users\Jiri\OneDrive

==================== Files in the root of some directories =======

2018-04-15 19:39 - 2018-04-15 19:39 - 000099384 _____ () C:\Users\Jiri\AppData\Roaming\inst.exe
2018-04-15 19:39 - 2018-04-15 19:39 - 000007859 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.cat
2018-04-15 19:39 - 2018-04-15 19:39 - 000001167 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.inf
2018-04-15 19:39 - 2018-04-15 19:39 - 000000055 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.log
2018-04-15 19:39 - 2018-04-15 19:39 - 000082816 _____ (VSO Software) C:\Users\Jiri\AppData\Roaming\pcouffin.sys
2019-04-08 21:13 - 2019-04-15 19:20 - 000007625 _____ () C:\Users\Jiri\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 05:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019
Ran by Jiri (15-04-2019 19:44:36)
Running from C:\Users\Jiri\Desktop
Windows 10 Home Version 1803 17134.648 (X64) (2018-06-18 03:48:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1891661057-2910923079-390476046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1891661057-2910923079-390476046-503 - Limited - Disabled)
Guest (S-1-5-21-1891661057-2910923079-390476046-501 - Limited - Disabled)
Jiri (S-1-5-21-1891661057-2910923079-390476046-1005 - Administrator - Enabled) => C:\Users\Jiri
WDAGUtilityAccount (S-1-5-21-1891661057-2910923079-390476046-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apowersoft Video Stahovač verze 6.3.1 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.3.1 - APOWERSOFT LIMITED)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Free YouTube Download version 3.2.19.1219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.19.1219 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
LibreOffice 5.1.2.2 (HKLM\...\{7A6851F9-0867-4CB4-9017-35ECA0CBA162}) (Version: 5.1.2.2 - The Document Foundation)
Microsoft OneDrive (HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.2 (x64 cs)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla)
NVIDIA Ovladače grafiky 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
Ovládací panel NVIDIA 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.57 - NVIDIA Corporation) Hidden
Seznam Software (HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXtoVideo Ultimate 2 (HKLM-x32\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.82 - VSO Software)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1891661057-2910923079-390476046-1005_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1891661057-2910923079-390476046-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BC1AE6-76DE-4426-8A95-1DDE2EE9C7BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {26C331BB-C186-4D29-9530-CF665381C661} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (ASUSTeK Computer Inc. -> AsusTek)
Task: {274BEE18-6155-435F-9E27-E72538B33653} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4BCA934B-DD48-4D17-8CDA-E3E86ADC5B22} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5E68D762-B7A6-48E2-A2AE-6A23A0FA7D21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {65233102-E296-49CF-8777-D71DCBDDF596} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {843922D1-52AD-4601-9EB9-4E1BC1793C4B} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {97396AA0-6662-4CBA-B43E-CD41D5FE8E7E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B7A59149-8655-4CC1-9545-0AC8F6F28CE8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C5D8F411-1052-44C1-A6A5-D62D0ABAAB08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C82AD6EC-5DD5-49DA-B382-98A4D9048059} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {EF07C14A-D927-4807-B3BC-1C2E0768BA1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-28 02:22 - 2017-03-28 02:22 - 000113664 _____ (.NET Foundation) [File not signed] C:\WINDOWS\TEMP\{25943AB1-FC07-4A1F-8CA8-390FA819E230}\.ba\mbahost.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2019-01-04 17:34 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "GarminExpress"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A4212C87-8844-4EAD-AA84-FFCDDCB976BD}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{ED090501-9BD2-45B6-A832-2B23B87BE961}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{9CEBD5B6-9104-49B3-A5A1-70247CCB450A}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{B57A4F04-D713-4A70-8AAE-90175CC4B81D}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{601A271A-2E8E-47C7-A9E4-CD4456B4037E}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{5987FDA8-8C73-405D-9D76-C9D2A558BFBB}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0D839495-6426-4A90-ACF7-C4C550F84025}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF74C541-8951-48DE-BA08-522CC2D7018F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A26F390-8121-4F78-B13F-CAE8D9207679}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{ED350B38-DA27-4585-B189-E48BE4889A73}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{010815D6-C7CD-4EEC-83ED-CB4271ACB065}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{CF9C43ED-41C5-4541-8EF6-4A2CF08CCCEE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{E997B882-0AFE-411F-8649-3079F84DE0B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

15-04-2019 19:16:05 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2019 07:42:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 15.4.2019.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 2084

Čas spuštění: 01d4f3b15a3fef06

Čas ukončení: 31

Cesta k aplikaci: C:\Users\Jiri\Downloads\FRST64.exe

ID hlášení: e2d20ea5-b073-458b-af48-ba2798b1fabb

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/15/2019 07:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: sedsvc.exe, verze: 10.0.17134.10024, časové razítko: 0x2d29399d
Název chybujícího modulu: sedsvc.exe, verze: 10.0.17134.10024, časové razítko: 0x2d29399d
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000010451
ID chybujícího procesu: 0x9ac
Čas spuštění chybující aplikace: 0x01d4ee42faa59c08
Cesta k chybující aplikaci: C:\Program Files\rempl\sedsvc.exe
Cesta k chybujícímu modulu: C:\Program Files\rempl\sedsvc.exe
ID zprávy: 19c62ea4-92d5-415d-b46c-04600fdb0322
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 005 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/08/2019 08:11:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchUI.exe verze 10.0.17134.648 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1810

Čas spuštění: 01d4ee3629fe942d

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

ID hlášení: a7fdb423-9e6e-4e9b-8870-3125f30ab083

Úplný název balíčku s chybou: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

ID aplikace související s balíčkem s chybou: CortanaUI

Error: (04/07/2019 09:51:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program audiodg.exe verze 10.0.17134.619 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: cb8

Čas spuštění: 01d4ed789ce089d5

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\audiodg.exe

ID hlášení: a246fe5b-45d4-4a90-a56c-ec2567cec488

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/03/2019 06:06:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (04/15/2019 07:23:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070643): Aktualizace definic pro Windows Defender Antivirus - KB2267602 (definice 1.291.1983.0).

Error: (04/15/2019 07:09:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/08/2019 09:42:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2L7HIU)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-L2L7HIU\Jiri (SID: S-1-5-21-1891661057-2910923079-390476046-1005) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/08/2019 09:41:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/08/2019 09:03:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/08/2019 08:49:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L2L7HIU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/08/2019 08:37:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku C: bylo zjištěno poškození.

Hlavní tabulka souborů (MFT) obsahuje poškozený záznam souboru. Referenční číslo souboru je 0x30000000036f40. Název souboru je \Program Files\AVAST Software\Avast\setup\vps_binaries_64-2db.vpx.

Error: (04/08/2019 08:36:18 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku C: bylo zjištěno poškození.

Bylo nalezeno poškození ve struktuře indexů systému souborů. Referenční číslo souboru je 0x1400000003a50b. Název souboru je \ProgramData\Microsoft\Windows Defender\Scans. Poškozený atribut indexu je :$I30:$INDEX_ALLOCATION.


Windows Defender:
===================================
Date: 2019-04-08 21:11:23.634
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {33CFDBB6-303B-4AEB-A5BE-72E0755FE8D0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: DESKTOP-L2L7HIU\Jiri

Date: 2018-09-04 20:58:08.077
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {68EFFF33-51D3-4DB5-96FE-504C26D5E832}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

Date: 2019-04-08 20:36:23.563
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.562
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.562
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.550
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.550
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-06-18 07:02:24.995
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.989
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.983
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.976
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.224
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.194
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.172
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.144
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 71%
Total physical RAM: 3981.48 MB
Available physical RAM: 1144.53 MB
Total Virtual: 5453.48 MB
Available Virtual: 2129.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.39 GB) (Free:189.71 GB) NTFS

\\?\Volume{0e851309-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{0e851309-0000-0000-0000-103874000000}\ () (Fixed) (Total:0.88 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0E851309)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=904 MB) - (Type=27)

==================== End of Addition.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[vruss1]

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-15-2019
# Duration: 00:00:32
# OS: Windows 10 Home
# Cleaned: 16
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Jiri\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted EasyPDFCombine

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2586 octets] - [15/04/2019 20:14:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

OK. Dejte nové logy FRST+Addition.

[vruss1]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2019 01
Ran by Jiri (administrator) on DESKTOP-L2L7HIU (15-04-2019 21:17:17)
Running from C:\Users\Jiri\Desktop
Loaded Profiles: Jiri (Available Profiles: Jiri)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.580_none_ead976921d8220dc\TiWorker.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-03-22] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\MountPoints2: {9fa28602-a234-11e8-b215-dc85de76bb80} - "F:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-28] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{7c382922-46e5-4d4b-b78b-15faae9beefe}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9ef98ba5-cf11-479e-a387-f67dbf94db0e}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c7640d68-af04-4ce3-b668-d6351c6edae5}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{e9659b41-11db-49a7-86c1-2eeb6b95d5c8}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-23] (DVDVideoSoft Ltd. -> DVDVideoSoft Ltd.) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-12-23] (DVDVideoSoft Ltd. -> DVDVideoSoft Ltd.) [File not signed]

FireFox:
========
FF DefaultProfile: xlz3hdwq.default
FF ProfilePath: C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default [2019-04-15]
FF Homepage: Mozilla\Firefox\Profiles\xlz3hdwq.default -> hxxps://www.seznam.cz/
FF HomepageOverride: Mozilla\Firefox\Profiles\xlz3hdwq.default -> Disabled: _ceMembers_@free.easypdfcombine.com
FF NewTabOverride: Mozilla\Firefox\Profiles\xlz3hdwq.default -> Disabled: _ceMembers_@free.easypdfcombine.com
FF Extension: (Seznam doplněk - Esko) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\Extensions\sko-extension@firma.seznam.cz.xpi [2019-02-16]
FF Extension: (Seznam doplněk - Email) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-11-22]
FF Extension: (No Name) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2017-09-11] [Legacy] [not signed]
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default [2019-04-08]
CHR Extension: (Dokumenty) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-15]
CHR Extension: (Disk Google) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-21]
CHR Extension: (YouTube) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-21]
CHR Extension: (Gmail) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-10]
CHR Extension: (Chrome Media Router) - C:\Users\Jiri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-04] (Intel(R) pGFX -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\WINDOWS\System32\drivers\ArcSec.sys [312184 2010-09-21] (ArcSoft, Inc. -> ) [File not signed]
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-08-03] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvpciflt.sys [48072 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-15 21:16 - 2019-04-15 21:16 - 000000000 ____D C:\Users\Jiri\Desktop\FRST-OlderVersion
2019-04-15 20:13 - 2019-04-15 20:14 - 000000000 ____D C:\AdwCleaner
2019-04-15 20:12 - 2019-04-15 20:12 - 007025360 _____ (Malwarebytes) C:\Users\Jiri\Desktop\adwcleaner_7.3.exe
2019-04-15 19:44 - 2019-04-15 19:47 - 000033006 _____ C:\Users\Jiri\Desktop\Addition.txt
2019-04-15 19:42 - 2019-04-15 21:30 - 000015444 _____ C:\Users\Jiri\Desktop\FRST.txt
2019-04-15 19:39 - 2019-04-15 19:42 - 000011153 _____ C:\Users\Jiri\Downloads\Addition.txt
2019-04-15 19:34 - 2019-04-15 19:42 - 000024978 _____ C:\Users\Jiri\Downloads\FRST.txt
2019-04-15 19:33 - 2019-04-15 21:17 - 000000000 ____D C:\FRST
2019-04-15 19:30 - 2019-04-15 21:16 - 002434048 _____ (Farbar) C:\Users\Jiri\Desktop\FRST64.exe
2019-04-15 19:18 - 2019-04-15 20:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-08 21:24 - 2019-04-08 21:24 - 021205512 _____ (Piriform Software Ltd) C:\Users\Jiri\Downloads\ccsetup555.exe
2019-04-08 21:13 - 2019-04-15 20:33 - 000007625 _____ C:\Users\Jiri\AppData\Local\resmon.resmoncfg
2019-04-08 20:56 - 2019-04-08 20:56 - 000000000 __SHD C:\found.000
2019-04-08 20:09 - 2019-04-08 20:09 - 000000000 ____D C:\Users\Jiri\AppData\Local\D3DSCache
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\WinRAR
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-01 03:01 - 2019-04-01 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-04-01 03:00 - 2019-04-01 03:01 - 000000000 ____D C:\Program Files\WinRAR
2019-04-01 02:59 - 2019-04-01 02:59 - 003122016 _____ (Alexander Roshal) C:\Users\Jiri\Downloads\winrar-x64-561.exe
2019-03-31 18:28 - 2019-03-31 23:08 - 3102027521 _____ C:\Users\Jiri\Downloads\S Jakubem v přírodě II. (12 dílů) (2017) 720x404 XviD 2pass_rbbs.rar
2019-03-31 18:15 - 2019-03-31 18:54 - 000000000 ____D C:\Users\Jiri\Downloads\A.Prayer.Before.Dawn.2017.WEB-DL.XviD.AC3-FGT
2019-03-31 18:10 - 2019-03-31 18:41 - 000000000 ____D C:\Users\Jiri\Downloads\Alpha.2018.1080p.WEB-DL.DD5.1.H264-FGT
2019-03-31 17:55 - 2019-03-31 18:43 - 873140377 _____ C:\Users\Jiri\Downloads\Vikingove_S05E13_Nový bůh_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:55 - 2019-03-31 18:07 - 872463364 _____ C:\Users\Jiri\Downloads\Vikingove_S05E14_Ztracený okamžik_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:54 - 2019-03-31 18:48 - 896646851 _____ C:\Users\Jiri\Downloads\Vikingove_S05E12_Nejodpornější vražda_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 17:54 - 2019-03-31 18:40 - 900408374 _____ C:\Users\Jiri\Downloads\Vikingove_S05E11_Odhalení_720p.HDTV.H264.CZdab_PB.mkv
2019-03-31 01:32 - 2019-03-31 01:35 - 000000000 ____D C:\Users\Jiri\Downloads\S Jakubem na rybách 1.série (2017)

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-15 21:28 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-15 21:24 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-15 21:22 - 2016-04-21 15:10 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-15 20:53 - 2018-06-18 05:35 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-15 20:53 - 2018-04-12 17:50 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-15 20:53 - 2018-04-12 17:50 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-15 20:53 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-15 20:49 - 2017-04-17 19:19 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-04-15 20:48 - 2017-01-31 13:50 - 000000000 ____D C:\Users\Jiri\AppData\LocalLow\Mozilla
2019-04-15 20:47 - 2018-06-18 05:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-15 20:47 - 2017-08-14 23:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-15 20:47 - 2017-01-31 11:02 - 000000000 __SHD C:\Users\Jiri\IntelGraphicsProfiles
2019-04-15 20:45 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-15 20:19 - 2018-10-02 18:17 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-15 20:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-15 20:17 - 2016-04-21 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-15 20:09 - 2016-04-21 15:07 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-15 20:01 - 2016-04-19 13:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-15 19:54 - 2016-04-19 13:12 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-15 19:53 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-15 19:19 - 2018-11-16 10:50 - 000000000 ____D C:\Program Files\rempl
2019-04-08 21:32 - 2017-02-03 23:25 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\uTorrent
2019-04-08 21:28 - 2018-07-26 04:19 - 000000000 ____D C:\Users\Jiri\AppData\Local\CrashDumps
2019-04-08 21:28 - 2018-06-17 20:04 - 000000000 ___DC C:\WINDOWS\Panther
2019-04-08 21:28 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 21:11 - 2018-06-18 05:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-08 20:46 - 2016-04-19 13:14 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-08 20:13 - 2018-06-18 05:22 - 000000000 ____D C:\Users\Jiri
2019-04-08 20:06 - 2018-06-18 05:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-04 22:33 - 2018-10-02 18:17 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-04-04 22:33 - 2018-06-21 19:10 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-04 22:33 - 2018-06-21 19:10 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-04 22:33 - 2018-06-18 05:46 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-04 22:33 - 2018-06-18 05:46 - 000002866 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2019-04-04 22:33 - 2018-06-18 05:46 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1891661057-2910923079-390476046-1005
2019-04-04 22:33 - 2018-06-18 05:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-04 22:33 - 2017-01-31 19:07 - 000000000 ____D C:\Users\Jiri\AppData\Roaming\vlc
2019-04-01 19:51 - 2018-04-12 01:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 19:51 - 2018-04-12 01:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-28 23:25 - 2018-06-21 19:11 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-28 23:25 - 2018-06-21 19:11 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-28 22:54 - 2018-06-18 05:22 - 000002358 _____ C:\Users\Jiri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-28 22:54 - 2017-06-30 17:41 - 000000000 ___RD C:\Users\Jiri\OneDrive

==================== Files in the root of some directories =======

2018-04-15 19:39 - 2018-04-15 19:39 - 000099384 _____ () C:\Users\Jiri\AppData\Roaming\inst.exe
2018-04-15 19:39 - 2018-04-15 19:39 - 000007859 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.cat
2018-04-15 19:39 - 2018-04-15 19:39 - 000001167 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.inf
2018-04-15 19:39 - 2018-04-15 19:39 - 000000055 _____ () C:\Users\Jiri\AppData\Roaming\pcouffin.log
2018-04-15 19:39 - 2018-04-15 19:39 - 000082816 _____ (VSO Software) C:\Users\Jiri\AppData\Roaming\pcouffin.sys
2019-04-08 21:13 - 2019-04-15 20:33 - 000007625 _____ () C:\Users\Jiri\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 05:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Jiri (15-04-2019 21:31:00)
Running from C:\Users\Jiri\Desktop
Windows 10 Home Version 1803 17134.648 (X64) (2018-06-18 03:48:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1891661057-2910923079-390476046-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1891661057-2910923079-390476046-503 - Limited - Disabled)
Guest (S-1-5-21-1891661057-2910923079-390476046-501 - Limited - Disabled)
Jiri (S-1-5-21-1891661057-2910923079-390476046-1005 - Administrator - Enabled) => C:\Users\Jiri
WDAGUtilityAccount (S-1-5-21-1891661057-2910923079-390476046-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apowersoft Video Stahovač verze 6.3.1 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.3.1 - APOWERSOFT LIMITED)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Free YouTube Download version 3.2.19.1219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.19.1219 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
LibreOffice 5.1.2.2 (HKLM\...\{7A6851F9-0867-4CB4-9017-35ECA0CBA162}) (Version: 5.1.2.2 - The Document Foundation)
Microsoft OneDrive (HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Mozilla Firefox 66.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.3 (x64 cs)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.3.7038 - Mozilla)
NVIDIA Ovladače grafiky 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
Ovládací panel NVIDIA 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.57 - NVIDIA Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXtoVideo Ultimate 2 (HKLM-x32\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.82 - VSO Software)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1891661057-2910923079-390476046-1005_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1891661057-2910923079-390476046-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13BC1AE6-76DE-4426-8A95-1DDE2EE9C7BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {26C331BB-C186-4D29-9530-CF665381C661} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (ASUSTeK Computer Inc. -> AsusTek)
Task: {274BEE18-6155-435F-9E27-E72538B33653} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4BCA934B-DD48-4D17-8CDA-E3E86ADC5B22} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe (Garmin International, Inc. -> )
Task: {5E68D762-B7A6-48E2-A2AE-6A23A0FA7D21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {65233102-E296-49CF-8777-D71DCBDDF596} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {843922D1-52AD-4601-9EB9-4E1BC1793C4B} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {97396AA0-6662-4CBA-B43E-CD41D5FE8E7E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B7A59149-8655-4CC1-9545-0AC8F6F28CE8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {C5D8F411-1052-44C1-A6A5-D62D0ABAAB08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C82AD6EC-5DD5-49DA-B382-98A4D9048059} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {EF07C14A-D927-4807-B3BC-1C2E0768BA1A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2019-01-04 17:34 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\StartupApproved\Run: => "GarminExpress"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A4212C87-8844-4EAD-AA84-FFCDDCB976BD}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{ED090501-9BD2-45B6-A832-2B23B87BE961}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{9CEBD5B6-9104-49B3-A5A1-70247CCB450A}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{B57A4F04-D713-4A70-8AAE-90175CC4B81D}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{601A271A-2E8E-47C7-A9E4-CD4456B4037E}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{5987FDA8-8C73-405D-9D76-C9D2A558BFBB}] => (Allow) C:\Users\Jiri\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{0D839495-6426-4A90-ACF7-C4C550F84025}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DF74C541-8951-48DE-BA08-522CC2D7018F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A26F390-8121-4F78-B13F-CAE8D9207679}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{ED350B38-DA27-4585-B189-E48BE4889A73}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{010815D6-C7CD-4EEC-83ED-CB4271ACB065}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{CF9C43ED-41C5-4541-8EF6-4A2CF08CCCEE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{E997B882-0AFE-411F-8649-3079F84DE0B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

15-04-2019 19:16:05 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2019 08:15:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wuauclt.exe, verze: 10.0.17134.1, časové razítko: 0x22d334aa
Název chybujícího modulu: combase.dll, verze: 10.0.17134.619, časové razítko: 0xa54ce84e
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b055c
ID chybujícího procesu: 0x2ac
Čas spuštění chybující aplikace: 0x01d4f3b55136a109
Cesta k chybující aplikaci: C:\WINDOWS\system32\wuauclt.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\combase.dll
ID zprávy: 69d64b9a-b55f-429b-95a0-1e2d9b2ebf7b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/15/2019 07:42:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 15.4.2019.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 2084

Čas spuštění: 01d4f3b15a3fef06

Čas ukončení: 31

Cesta k aplikaci: C:\Users\Jiri\Downloads\FRST64.exe

ID hlášení: e2d20ea5-b073-458b-af48-ba2798b1fabb

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (04/15/2019 07:18:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: sedsvc.exe, verze: 10.0.17134.10024, časové razítko: 0x2d29399d
Název chybujícího modulu: sedsvc.exe, verze: 10.0.17134.10024, časové razítko: 0x2d29399d
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000010451
ID chybujícího procesu: 0x9ac
Čas spuštění chybující aplikace: 0x01d4ee42faa59c08
Cesta k chybující aplikaci: C:\Program Files\rempl\sedsvc.exe
Cesta k chybujícímu modulu: C:\Program Files\rempl\sedsvc.exe
ID zprávy: 19c62ea4-92d5-415d-b46c-04600fdb0322
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/08/2019 08:14:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 005 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/08/2019 08:11:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchUI.exe verze 10.0.17134.648 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1810

Čas spuštění: 01d4ee3629fe942d

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

ID hlášení: a7fdb423-9e6e-4e9b-8870-3125f30ab083

Úplný název balíčku s chybou: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

ID aplikace související s balíčkem s chybou: CortanaUI

Error: (04/07/2019 09:51:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program audiodg.exe verze 10.0.17134.619 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: cb8

Čas spuštění: 01d4ed789ce089d5

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\audiodg.exe

ID hlášení: a246fe5b-45d4-4a90-a56c-ec2567cec488

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (04/15/2019 08:53:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/15/2019 08:45:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Aktualizace definic pro Windows Defender Antivirus - KB2267602 (definice 1.291.1986.0).

Error: (04/15/2019 08:45:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L2L7HIU)
Description: Server Microsoft.OneConnect_5.1902.361.0_x64__8wekyb3d8bbwe!App.AppXe8pdgw5syxe8pgccbk3mcn5hanwamr0e.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/15/2019 08:20:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/15/2019 08:18:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/15/2019 08:15:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L2L7HIU)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/15/2019 08:15:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L2L7HIU)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/15/2019 08:15:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800706be): 2019-04 Kumulativní aktualizace pro Windows 10 Version 1803 pro systémy typu x64 (KB4493464).


Windows Defender:
===================================
Date: 2019-04-08 21:11:23.634
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {33CFDBB6-303B-4AEB-A5BE-72E0755FE8D0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: DESKTOP-L2L7HIU\Jiri

Date: 2018-09-04 20:58:08.077
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {68EFFF33-51D3-4DB5-96FE-504C26D5E832}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

Date: 2019-04-15 20:58:26.336
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.291.1983.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15800.1
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-04-08 20:36:23.563
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.562
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.562
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-08 20:36:23.550
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.727.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-06-18 07:02:24.995
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.989
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.983
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:02:24.976
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.224
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.194
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.172
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-18 07:00:08.144
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Jiri\Pictures\FOTKY\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 3981.48 MB
Available physical RAM: 1615.71 MB
Total Virtual: 5453.48 MB
Available Virtual: 3022.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.39 GB) (Free:189.33 GB) NTFS

\\?\Volume{0e851309-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{0e851309-0000-0000-0000-103874000000}\ () (Fixed) (Total:0.88 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0E851309)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=904 MB) - (Type=27)

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\MountPoints2: {9fa28602-a234-11e8-b215-dc85de76bb80} - "F:\Lenovo_Suite.exe"
FF Extension: (No Name) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C5D8F411-1052-44C1-A6A5-D62D0ABAAB08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C82AD6EC-5DD5-49DA-B382-98A4D9048059} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[vruss1]

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2019 01
Ran by Jiri (15-04-2019 22:01:11) Run:1
Running from C:\Users\Jiri\Desktop
Loaded Profiles: Jiri (Available Profiles: Jiri)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\...\MountPoints2: {9fa28602-a234-11e8-b215-dc85de76bb80} - "F:\Lenovo_Suite.exe"
FF Extension: (No Name) - C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C5D8F411-1052-44C1-A6A5-D62D0ABAAB08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {C82AD6EC-5DD5-49DA-B382-98A4D9048059} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-1891661057-2910923079-390476046-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fa28602-a234-11e8-b215-dc85de76bb80} => removed successfully
HKLM\Software\Classes\CLSID\{9fa28602-a234-11e8-b215-dc85de76bb80} => not found
C:\Users\Jiri\AppData\Roaming\Mozilla\Firefox\Profiles\xlz3hdwq.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7476D7BF-972D-4DD4-BDEB-11D5FD3F0A1C}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5D8F411-1052-44C1-A6A5-D62D0ABAAB08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5D8F411-1052-44C1-A6A5-D62D0ABAAB08}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C82AD6EC-5DD5-49DA-B382-98A4D9048059}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C82AD6EC-5DD5-49DA-B382-98A4D9048059}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49812484 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 170813357 B
Edge => 695296 B
Chrome => 12728719 B
Firefox => 90660650 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 26664 B
NetworkService => 0 B
Jiri => 11366257 B

RecycleBin => 0 B
EmptyTemp: => 330.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:03:39 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[vruss1]

Zdá se to být v pořádku. Velice děkuji za pomoc.

[Rudy]

Nemáte zač!