Bitcoin mining

filip.z
Exemplary visitor
Posts: 27
Registered: 27 Dec 2005 00:29

#1 Post by filip.z »

Hello, yesterday evening I noticed very high memory usage. After a scan with Avast, a warning pops up about problems in C:\Windows\SysWOW64\SysConfServ\nheqminer.exe. The whole SysWOW64 folder looks suspicious to me, and according to a Google search nheqminer.exe apparently has something to do with mining. Please check the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05.2019 01
Ran by David Záhorský (administrator) on DESKTOP-BQRE00U (15-05-2019 11:18:19)
Running from C:\Users\David Záhorský\Desktop
Loaded Profiles: David Záhorský (Available Profiles: David Záhorský)
Platform: Windows 10 Home Version 1809 17763.475 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c\SkypeHelper.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.20211.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHeciSvc.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c\Skype4Life.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Raimersoft) [File not signed] C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-15] (Google LLC -> Google Inc.)
AppInit_DLLs: C:\WINDOWS\SysWOW64\winselfprotect.dll => C:\WINDOWS\SysWOW64\winselfprotect.dll [1739776 2018-02-21] () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A7BA12-20A0-4CE6-B3C0-18C12CB2F7E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-02-17] (Google Inc -> Google Inc.)
Task: {167CF87C-4C9C-48CD-9FCA-A3894887396D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-02-17] (Google Inc -> Google Inc.)
Task: {23B278E3-521D-45F4-9661-265F7C9B050F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {277A30FB-24BB-4FBA-A76A-4C99966B220F} - System32\Tasks\Opera scheduled Autoupdate 1519069390 => C:\Users\David Záhorský\AppData\Local\Programs\Opera\launcher.exe
Task: {321B2DD6-EA08-4406-9FAD-E2E4F98FC5C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {474139F7-D93A-4D7A-AC1B-8C46E054C9B1} - System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.41.0.101/cs/abandoninstall?page=tsBing
Task: {6FB4D47D-2DD1-4CCC-BD36-37A88C7BD249} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {83968995-9061-44CE-9F5C-225A66DFA78C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9357A0AC-3B30-489D-84D4-009741FA44FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {97C14C78-9391-4142-B811-B4CF0DEC4C10} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {9ADA842A-528F-49EB-AD64-9863EA512F32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C52691D-1FB0-457E-8192-8CB5DE1B46A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A6E29CD9-F39B-444C-8F42-32CAB027345D} - System32\Tasks\S-1-5-21-3461955402-3671429942-3536090380-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-13] (Microsoft Windows -> Microsoft Corporation)
Task: {C84B0A4F-61D7-4D5A-91C6-B8AA1954EF5C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {EEAFD2C3-E124-4AEF-A016-3014142AC115} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{603f877a-28fc-4c39-8054-8d95f8189f7d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: 1p5aj6ni.default
FF ProfilePath: C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default [2019-05-15]
FF Homepage: Mozilla\Firefox\Profiles\1p5aj6ni.default -> www.seznam.cz
FF Extension: (Facebook Container) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\@contain-facebook.xpi [2019-03-26]
FF Extension: (Check4Change) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\check4change-owner@mozdev.org.xpi [2018-07-06]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-05]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\sp@avast.com.xpi [2018-12-21] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (uBlock Origin) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\uBlock0@raymondhill.net.xpi [2019-05-13]
FF Extension: (Avast Online Security) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\wrc@avast.com.xpi [2019-04-29]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-04-11]
FF Extension: (Linkification) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi [2016-04-28] [Legacy]
FF Extension: (Firefox B) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{ac40163c-8804-4dad-90fc-e25ebd6e9a57}.xpi [2019-05-13]
FF Extension: (No Name) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-22]
FF Extension: (Baidu Search Update) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\features\{3d1db48e-522e-4d66-b795-60dd470c1ab0}\baidu-code-update@mozillaonline.com.xpi [2019-05-07]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 2 -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-28]
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-05-15]
CHR Extension: (Překladač Google) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-12-26]
CHR Extension: (Prezentace) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-09]
CHR Extension: (Dokumenty) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-09]
CHR Extension: (Disk Google) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Linkify) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkgikibkmalecfagnebbhbacnbhckmh [2018-07-09]
CHR Extension: (YouTube) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-20]
CHR Extension: (uBlock Origin) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-05-12]
CHR Extension: (Adobe Acrobat) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-01-29]
CHR Extension: (Tabulky) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-09]
CHR Extension: (I don't care about cookies) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2019-04-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-02]
CHR Extension: (Avast Online Security) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-30]
CHR Extension: (Page Refresh) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmooaemjmediafeacjplpbpenjnpcneg [2018-10-24]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-04-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-09]
CHR Extension: (AdBlocker Ultimate) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2019-04-28]
CHR Extension: (MindBrella) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oijhdnohbodhpigbapooageplofoehpj [2018-07-09]
CHR Extension: (Gmail) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\45825AA2558EDB94 <==== ATTENTION (Rootkit!)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 SysUpdateService; C:\WINDOWS\SysWOW64\SysUpdService.exe [2974720 2019-04-17] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [257832 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 11:18 - 2019-05-15 11:18 - 000027669 _____ C:\Users\David Záhorský\Desktop\FRST.txt
2019-05-15 11:18 - 2019-05-15 11:18 - 000000000 ____D C:\FRST
2019-05-15 11:16 - 2019-05-15 11:16 - 002434048 _____ (Farbar) C:\Users\David Záhorský\Desktop\FRST64.exe
2019-05-15 10:48 - 2019-05-15 10:50 - 188434128 _____ C:\Users\David Záhorský\Desktop\45bip3gh.exe
2019-05-14 20:32 - 2019-05-14 20:32 - 000000175 _____ C:\Users\David Záhorský\Desktop\V síti- Fotky penisů, nabídka trojky, dívky jako masturbační prostředek, říká o chystaném filmu dokumentarista Klusák - Hospodářské noviny (IHNED.cz).url
2019-05-14 16:58 - 2019-05-14 17:36 - 000012145 _____ C:\Users\David Záhorský\Desktop\Sestava.xlsx
2019-05-13 13:27 - 2019-05-13 14:16 - 1464005100 _____ C:\Users\David Záhorský\Desktop\Hra o trůny S08E05 CZTit. (frpli).mkv
2019-05-12 16:27 - 2019-05-12 16:27 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-05-11 14:43 - 2019-05-11 14:43 - 000000065 _____ C:\Users\David Záhorský\Desktop\Vila Adria - Moča.url
2019-05-09 14:48 - 2019-05-09 14:48 - 020928468 _____ C:\Users\David Záhorský\Desktop\13.-5.---19.-5.-Mexický-týden-01.pdf
2019-05-09 12:46 - 2019-05-09 12:46 - 000000216 _____ C:\Users\David Záhorský\Desktop\Prodej bytu Nekvasilova 3+kk bez RK - Bezrealitky.url
2019-05-07 15:46 - 2019-05-07 15:47 - 000000000 ____D C:\Users\David Záhorský\Desktop\Jak okamžitě zdvojnásobit rychlost SSD - Agem
2019-05-07 15:30 - 2019-05-15 00:27 - 000000000 ____D C:\Users\David Záhorský\Desktop\chernobyl.s01e01.720p.webrip.x264-tbs-cze
2019-05-04 10:19 - 2018-02-21 22:20 - 001739776 _____ C:\WINDOWS\SysWOW64\winselfprotect.dll
2019-05-04 10:18 - 2019-05-04 10:18 - 000000000 ____D C:\WINDOWS\SysWOW64\SysConfServ
2019-05-04 10:18 - 2018-03-19 23:43 - 001713152 _____ C:\WINDOWS\SysWOW64\winhost.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 026810880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 023441920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 007645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 006544256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001697960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-04 10:16 - 2019-05-04 10:16 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001469168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001044520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 10:16 - 2019-05-04 10:16 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 10:16 - 2019-05-04 10:16 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-04 10:16 - 2019-05-04 10:16 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-04 10:16 - 2019-05-04 10:16 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-03 13:23 - 2019-05-03 13:23 - 000000216 _____ C:\Users\David Záhorský\Desktop\Prodej bytu Argentinská 3+kk bez RK - Bezrealitky.url
2019-05-01 14:27 - 2019-05-01 14:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-05-01 14:26 - 2019-05-01 14:26 - 000000000 ____D C:\Users\David Záhorský\Desktop\MS Office 2010 Po Plus CZ SP2 Portable
2019-04-25 10:07 - 2019-04-25 10:07 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-22 10:48 - 2019-05-14 18:27 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000002355 _____ C:\Users\David Záhorský\Desktop\WhatsApp.lnk
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\SquirrelTemp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 11:09 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 10:50 - 2018-10-04 09:14 - 000000000 ____D C:\Users\David Záhorský
2019-05-15 10:48 - 2018-02-19 16:24 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\ClassicShell
2019-05-15 10:38 - 2018-10-04 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 10:17 - 2018-10-04 09:27 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 10:17 - 2018-09-15 19:32 - 000716776 _____ C:\WINDOWS\system32\perfh005.dat
2019-05-15 10:17 - 2018-09-15 19:32 - 000144856 _____ C:\WINDOWS\system32\perfc005.dat
2019-05-15 10:17 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 10:13 - 2018-10-04 09:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 10:13 - 2018-09-15 08:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 10:08 - 2018-08-14 12:56 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\D3DSCache
2019-05-15 10:07 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-15 10:07 - 2018-02-16 20:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 10:05 - 2018-02-16 20:07 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 02:54 - 2018-10-04 09:18 - 000003658 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1519069390
2019-05-15 02:54 - 2018-10-04 09:18 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-05-15 02:54 - 2018-10-04 09:18 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 02:54 - 2018-10-04 09:18 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 02:54 - 2018-10-04 09:18 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-05-15 02:54 - 2018-10-04 09:18 - 000002772 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-05-15 02:54 - 2018-10-04 09:18 - 000002244 _____ C:\WINDOWS\System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796}
2019-05-15 02:54 - 2018-10-04 09:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-15 01:50 - 2018-02-17 12:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 01:40 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 01:37 - 2018-02-19 18:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-15 01:37 - 2018-02-19 17:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-15 01:04 - 2018-02-19 17:44 - 000000000 ____D C:\Users\David Záhorský\AppData\LocalLow\Mozilla
2019-05-15 00:16 - 2018-02-17 12:36 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-15 00:16 - 2018-02-17 12:36 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-14 18:27 - 2019-02-04 01:50 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\ViberPC
2019-05-14 14:57 - 2018-02-20 12:03 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\vlc
2019-05-13 23:23 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-13 14:17 - 2019-04-08 17:50 - 000000000 ____D C:\Users\David Záhorský\Desktop\Filmy
2019-05-12 16:30 - 2018-02-19 22:40 - 000000000 ____D C:\ProgramData\TEMP
2019-05-12 16:30 - 2018-02-19 18:18 - 000000000 ____D C:\ProgramData\AVAST Software
2019-05-12 16:28 - 2018-02-19 18:20 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\AVAST Software
2019-05-10 10:01 - 2018-02-19 18:13 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 18:56 - 2018-02-22 11:36 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\ElevatedDiagnostics
2019-05-08 18:42 - 2018-07-16 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-08 18:42 - 2018-05-16 14:08 - 000001383 _____ C:\Users\Public\Desktop\Skype.lnk
2019-05-07 15:47 - 2019-02-06 15:44 - 000000000 ____D C:\Users\David Záhorský\Desktop\Různé
2019-05-06 15:29 - 2018-02-19 22:38 - 000000000 ____D C:\Users\David Záhorský\Desktop\Ostatní
2019-05-04 10:18 - 2019-03-10 20:26 - 000303616 _____ (Alexander Roshal) C:\WINDOWS\SysWOW64\unrar.exe
2019-05-04 10:18 - 2019-03-10 20:26 - 000090624 _____ () C:\WINDOWS\SysWOW64\wget.exe
2019-05-04 10:18 - 2018-10-04 09:13 - 000446072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-02 16:17 - 2018-02-19 18:50 - 000000000 ____D C:\Texty
2019-05-01 14:31 - 2018-08-24 00:55 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\CrashDumps
2019-05-01 14:30 - 2018-12-20 17:56 - 000000000 ____D C:\Users\David Záhorský\Documents\Poznámkové bloky aplikace OneNote
2019-04-30 13:47 - 2018-02-28 12:59 - 000000000 ____D C:\Users\David Záhorský\Documents\Scan
2019-04-28 16:29 - 2018-02-19 22:03 - 000000000 ____D C:\Program Files\CCleaner
2019-04-25 10:08 - 2019-04-12 19:10 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-25 10:08 - 2018-10-04 09:18 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-25 10:08 - 2018-08-14 11:12 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-25 10:08 - 2018-08-14 11:12 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-25 10:07 - 2019-02-13 11:12 - 000257832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-04-25 10:07 - 2018-12-01 13:23 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-25 10:07 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-25 10:07 - 2018-08-14 11:12 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-23 16:59 - 2018-02-19 19:11 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-04-23 15:20 - 2018-03-06 18:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 10:13 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-23 10:13 - 2018-02-16 19:16 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\Packages
2019-04-22 19:59 - 2018-08-14 11:35 - 000000000 ____D C:\ProgramData\Packages
2019-04-19 18:13 - 2018-02-16 19:32 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\PlaceholderTileLogoFolder
2019-04-17 22:43 - 2019-02-16 11:55 - 002974720 _____ C:\WINDOWS\SysWOW64\SysUpdService.exe

==================== Files in the root of some directories =======

2018-03-06 02:19 - 2018-03-06 02:19 - 000001304 _____ () C:\Users\David Záhorský\AppData\Local\recently-used.xbel
2018-02-21 01:38 - 2018-02-21 01:38 - 000000017 _____ () C:\Users\David Záhorský\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
Ran by David Záhorský (15-05-2019 11:19:10)
Running from C:\Users\David Záhorský\Desktop
Windows 10 Home Version 1809 17763.475 (X64) (2018-10-04 07:18:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3461955402-3671429942-3536090380-500 - Administrator - Disabled)
David Záhorský (S-1-5-21-3461955402-3671429942-3536090380-1001 - Administrator - Enabled) => C:\Users\David Záhorský
DefaultAccount (S-1-5-21-3461955402-3671429942-3536090380-503 - Limited - Disabled)
Guest (S-1-5-21-3461955402-3671429942-3536090380-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3461955402-3671429942-3536090380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Belkin Wireless USB Utility (HKLM-x32\...\{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1051 - Webteh, d.o.o.)
CGI PKI .NET Component (HKLM-x32\...\CGIPkcs) (Version: 2.0.1.0 - CGI IT Czech Republic s.r.o.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Click and Relax 1.0 (HKLM-x32\...\ClickandRelax) (Version: - )
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
EVEREST Ultimate Edition v5.30 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.30 - Lavalys, Inc.)
Faktury 3.2.4 (HKLM-x32\...\%Product_Name% 3.2.4 ) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Microlife BPA 3.2 English (HKLM-x32\...\{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5 - Microlife) Hidden
Microlife BPA 3.2 English (HKLM-x32\...\InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5 - Microlife)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MozBackup 1.4.7 (HKLM-x32\...\MozBackup_is1) (Version: - Pavel Cvrček)
Mozilla Firefox 66.0.5 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.5 (x64 cs)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.1 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
RarmaRadio 2.71 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (30.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(07.09.2016) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.27 (21.07.2017) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Skype verze 8.44 (HKLM-x32\...\Skype_is1) (Version: 8.44 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Start-Q v1.2 (HKLM-x32\...\{7B6060AF-A09C-402D-89E2-96BCF60F5763}_is1) (Version: - Duriosoft)
Twitch (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Types (HKLM\...\Types) (Version: 1.9.3 - Evgeny Strunnikov)
UBitMenu CZ (HKLM-x32\...\{655C54AF-6A47-4a7f-962D-EB57418F94FD}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{452386AD-F9CF-4958-B52C-1521965F1C80}) (Version: 10.0.0.32 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\{bf62c583-7dcb-4b98-bc9f-4f9e57349e19}) (Version: 10.0.0.32 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
Zobrazit uživatelskou příručku (HKLM-x32\...\View User Guide) (Version: 3.60.47.0 - )

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_1.7.1.0_x64__tf1gferkr813w [2018-02-16] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_4.2.2.0_x86__kgqvnymyfvs32 [2018-02-16] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.106.700.0_x86__kgqvnymyfvs32 [2018-02-16] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_2.7.1.4_x86__h6adky7gbf63m [2018-02-16] (Disney Magic Kingdoms)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-04] (Doplněk pro Fotky)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne [2018-09-03] (File-New-Project)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt [2018-02-27] (Facebook Inc)
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.0.3.0_x86__xkt78gamzntbr [2018-11-22] (Sharpened Productions)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_3.0.0.12_x86__h6adky7gbf63m [2018-02-16] (March of Empires: War of Lords)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt [2018-02-27] (Facebook Inc)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe [2018-02-16] (Microsoft Platform Extensions)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe [2018-02-16] (Microsoft Platform Extensions)
Sada pro místní prostředí v češtině -> C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackcs-cz_17134.3.6.0_neutral__8wekyb3d8bbwe [2018-08-14] (Microsoft Corporation)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-02-19] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c [2018-09-15] (Skype)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxDTCM.dll [2018-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\David Záhorský\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2018-02-19 22:10 - 2010-07-27 23:02 - 000029784 _____ ((: JOBnik! :) [Arthur Aminov, ISRAEL]) [File not signed] C:\Program Files (x86)\RarmaRadio\BASS_FX.dll
2014-09-08 14:32 - 2014-09-08 14:32 - 000050688 _____ () [File not signed] C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-02-19 22:10 - 2009-12-07 14:05 - 000505771 _____ () [File not signed] C:\Program Files (x86)\RarmaRadio\sqlite3.dll
2014-09-08 14:38 - 2014-09-08 14:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 149155819 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\App.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000630784 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000081408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000989696 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000823296 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 006690261 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000457728 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 061463631 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 001283533 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000838656 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000360960 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000014862 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 021502193 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 004764445 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 002054893 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000090112 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000012800 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000755712 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2018-02-27 16:07 - 2018-02-27 16:08 - 000384000 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000093184 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2019-05-04 10:19 - 2018-02-21 22:20 - 001739776 _____ () [File not signed] C:\WINDOWS\SysWOW64\winselfprotect.dll
2018-09-03 21:02 - 2018-09-03 21:02 - 000925184 _____ (File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
2017-08-12 11:23 - 2017-08-12 11:23 - 000163776 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2017-08-12 11:23 - 2017-08-12 11:23 - 003664320 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-02-19 22:10 - 2008-04-17 13:17 - 000150904 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\RarmaRadio\bass_aac.dll
2018-02-19 22:10 - 2016-10-29 09:55 - 010063360 _____ (Raimersoft) [File not signed] C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe
2016-09-07 07:52 - 2016-09-07 07:52 - 000111616 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\CustomTimer.dll
2016-07-26 12:57 - 2016-07-26 12:57 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
2018-02-19 22:10 - 2009-06-03 22:42 - 000312320 _____ (Stefan Toengi) [File not signed] C:\Program Files (x86)\RarmaRadio\AudioGenie2.DLL
2018-02-19 22:10 - 2014-12-22 09:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASS.dll
2018-02-19 22:10 - 2008-06-25 14:53 - 000016960 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSCD.dll
2018-02-19 22:10 - 2008-03-31 19:35 - 000010808 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSENC.dll
2018-02-19 22:10 - 2009-12-09 14:40 - 000025152 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSFLAC.dll
2018-02-19 22:10 - 2016-01-20 09:11 - 000006880 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\basshls.dll
2018-02-19 22:10 - 2010-09-17 14:28 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSWMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2019-01-04 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{66A22FDF-5A45-4834-BE5D-DE757516B0BF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0EDEC8A-C00E-4032-8DB1-0C9BDCE9E39C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54D484A6-44AE-43DA-892D-36704F334425}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C5584DCD-D64F-4806-B07D-D4A5FF2FA6E2}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AD7DA5CF-F043-4099-AB66-3E7D51A99F70}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{19B839F3-4CB3-4171-B388-8BE61DD881ED}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{D67C86D5-9836-4FE2-AC1C-06B16DA2995B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{5F162970-E85E-4533-BF71-3FD7A91E08BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{20463817-9C1B-4D9D-9E65-5970673FC626}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{E06EC4A7-89D1-4931-B02F-03438C24BF2A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe (ScanProcess) [File not signed]
FirewallRules: [{F3C0CF58-DA0C-486D-B3AC-AA16E694752A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe (Scan2PCNotify) [File not signed]
FirewallRules: [{E517A9DC-3B2F-4B6E-8C7F-E0E3265D30EF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{200280B9-240C-41AF-A56A-3FAE3C1EE8B7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{E1635CEA-C8F7-4ABA-9163-96F8335CAC50}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8FBA77AC-04A5-491A-9FFE-7AB7C8AE0F97}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{462CA5BD-729E-43B6-AF08-24F74B38DA4A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2D5F642D-9235-476B-A5D7-754C6F1C8E2A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2C10B85A-39E8-4DFD-A94C-75E846223977}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{830D898F-5906-46BA-A43C-A45B675C52E5}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{1142B367-8952-4D80-853E-C9428A71109B}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File
FirewallRules: [UDP Query User{9198D0B0-8969-4CB5-BF2E-76B7787D50FF}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File
FirewallRules: [{1D00FFA0-8207-4747-8576-47F4CB4CC69F}] => (Allow) C:\WINDOWS\SysWOW64\SysUpdService.exe () [File not signed]
FirewallRules: [{45A6032E-B6C7-4828-B0CD-D42649A7E4AC}] => (Allow) C:\WINDOWS\SysWOW64\SysUpdService.exe () [File not signed]
FirewallRules: [TCP Query User{A08EFC70-08D3-442D-9358-2E4B2B500415}C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe] => (Allow) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [UDP Query User{B3FDA82B-8A69-4D6F-95C8-FB082D22FEEA}C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe] => (Allow) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{1DBA22BC-6C2D-41C5-A55E-28118A758974}] => (Block) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{E4493B66-AE03-435E-BA97-D4C472DC9AFE}] => (Block) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{F408BC82-8643-4C84-96D5-8C2C5F450863}] => (Allow) C:\WINDOWS\SysWOW64\wget.exe () [File not signed]
FirewallRules: [{A62A6A5F-76C5-443A-BD6F-09D17C517F76}] => (Allow) C:\WINDOWS\SysWOW64\SysConfServ\nheqminer.exe () [File not signed]
FirewallRules: [{11283F2C-8B42-4899-8C6F-6266B0510A2E}] => (Allow) C:\WINDOWS\SysWOW64\SysConfServ\nheqminer.exe () [File not signed]
FirewallRules: [{2038E20E-4D6C-4803-AB95-97A3E58C1828}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40087861-6DF7-4ED3-8A34-408D3B8D6E60}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0AC90343-4055-48A9-9AC7-9288EE03F399}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

28-04-2019 16:29:33 Before uninstalling CCleaner
04-05-2019 10:14:29 Windows Update
11-05-2019 11:15:35 Naplánovaný kontrolní bod
12-05-2019 16:30:06 Before uninstalling Avast Cleanup Premium

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2019 10:13:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff9419a0358
ID chybujícího procesu: 0xb9c
Čas spuštění chybující aplikace: 0x01d50af556a50e7f
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0505dfe2-7168-41e1-a53b-6bcf60a543f2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 10:07:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff830680358
ID chybujícího procesu: 0xd70
Čas spuštění chybující aplikace: 0x01d50aae0beacd71
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 66e7e8ba-58b8-4c28-a0cd-1b3db143c817
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 01:37:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ffeedd80358
ID chybujícího procesu: 0xd7c
Čas spuštění chybující aplikace: 0x01d504da8c1b9201
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: adb3cced-f1c1-485a-8412-c3974c531b60
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu (unknown) na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu (unknown) na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (05/07/2019 01:05:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Notes.exe verze 3.1.46.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 7464

Čas spuštění: 01d504c3926ccbca

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

ID hlášení: 0fd28150-f6b2-418f-8631-cf28d956520d

Úplný název balíčku s chybou: Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (05/02/2019 10:24:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WinStore.App.exe verze 11805.1001.49.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1b54

Čas spuštění: 01d500c02bc0ffc9

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe\WinStore.App.exe

ID hlášení: de204c4a-ccb2-4392-8ff3-36109c795971

Úplný název balíčku s chybou: Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Activation


System errors:
=============
Error: (05/15/2019 11:16:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 11:15:26 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 11:11:26 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 11:10:28 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 11:08:47 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 11:00:53 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 10:23:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 10:18:29 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-05-01 18:09:04.934
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {1329E3B6-A64D-4DFC-B349-036B007DA62D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-18 15:52:15.634
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A8082EFD-E72B-441B-A3EF-AD418A210E43}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-11 14:17:00.375
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {985E43A3-343D-4EC1-8402-02246430D3C2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-02 00:11:46.598
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {69C88165-7B67-451B-BA80-437C5EEC8C4A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-01 20:00:51.801
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {56084660-4730-4BE1-840F-9076174F88E7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-05-15 10:13:36.173
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 10:08:14.944
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.941
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.933
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.930
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:11.842
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 01:51:03.465
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 01:37:56.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0809 07/07/2017
Motherboard: ASUSTeK COMPUTER INC. PRIME B250M-K
Processor: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8060.12 MB
Available physical RAM: 4618.47 MB
Total Virtual: 9404.12 MB
Available Virtual: 5059.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.5 GB) (Free:134.7 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:849.04 GB) NTFS
Drive f: (ADATA UFD) (Removable) (Total:28.91 GB) (Free:23.16 GB) NTFS

\\?\Volume{af8b88ff-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{af8b88ff-0000-0000-0000-30023a000000}\ () (Fixed) (Total:0.85 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AF8B88FF)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=870 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AF8B88E9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bitcoin mining

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP simply launch it with a double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

filip.z
Model visitor
Posts: 27
Registered: 27 Dec 2005 00:29

Re: Bitcoin mining

#3 Post by filip.z »

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-15-2019
# Duration: 00:00:08
# OS: Windows 10 Home
# Scanned: 27335
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit HKCU\Software\Conduit
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1383 octets] - [10/01/2019 17:06:34]
AdwCleaner[S01].txt - [1444 octets] - [09/02/2019 13:20:58]
AdwCleaner[S02].txt - [1505 octets] - [15/05/2019 14:26:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bitcoin mining

#4 Post by Rudy »

Post new FRST+Addition logs.

filip.z
Model visitor
Posts: 27
Registered: 27 Dec 2005 00:29

Re: Bitcoin mining

#5 Post by filip.z »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019
Ran by David Záhorský (administrator) on DESKTOP-BQRE00U (15-05-2019 14:53:54)
Running from C:\Users\David Záhorský\Desktop
Loaded Profiles: David Záhorský (Available Profiles: David Záhorský)
Platform: Windows 10 Home Version 1809 17763.475 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c\SkypeHelper.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.21218.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.20211.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_6facd738cc4484c9\IntelCpHeciSvc.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c\Skype4Life.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Raimersoft) [File not signed] C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-15] (Google LLC -> Google Inc.)
AppInit_DLLs: C:\WINDOWS\SysWOW64\winselfprotect.dll => C:\WINDOWS\SysWOW64\winselfprotect.dll [1739776 2018-02-21] () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A7BA12-20A0-4CE6-B3C0-18C12CB2F7E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-02-17] (Google Inc -> Google Inc.)
Task: {167CF87C-4C9C-48CD-9FCA-A3894887396D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-02-17] (Google Inc -> Google Inc.)
Task: {23B278E3-521D-45F4-9661-265F7C9B050F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {277A30FB-24BB-4FBA-A76A-4C99966B220F} - System32\Tasks\Opera scheduled Autoupdate 1519069390 => C:\Users\David Záhorský\AppData\Local\Programs\Opera\launcher.exe
Task: {321B2DD6-EA08-4406-9FAD-E2E4F98FC5C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {474139F7-D93A-4D7A-AC1B-8C46E054C9B1} - System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.41.0.101/cs/abandoninstall?page=tsBing
Task: {6FB4D47D-2DD1-4CCC-BD36-37A88C7BD249} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {83968995-9061-44CE-9F5C-225A66DFA78C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9357A0AC-3B30-489D-84D4-009741FA44FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {97C14C78-9391-4142-B811-B4CF0DEC4C10} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {9ADA842A-528F-49EB-AD64-9863EA512F32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C52691D-1FB0-457E-8192-8CB5DE1B46A6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2925960 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A6E29CD9-F39B-444C-8F42-32CAB027345D} - System32\Tasks\S-1-5-21-3461955402-3671429942-3536090380-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [134144 2019-03-13] (Microsoft Windows -> Microsoft Corporation)
Task: {C84B0A4F-61D7-4D5A-91C6-B8AA1954EF5C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {EEAFD2C3-E124-4AEF-A016-3014142AC115} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{603f877a-28fc-4c39-8054-8d95f8189f7d}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]

FireFox:
========
FF DefaultProfile: 1p5aj6ni.default
FF ProfilePath: C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default [2019-05-15]
FF Homepage: Mozilla\Firefox\Profiles\1p5aj6ni.default -> www.seznam.cz
FF Extension: (Facebook Container) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\@contain-facebook.xpi [2019-03-26]
FF Extension: (Check4Change) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\check4change-owner@mozdev.org.xpi [2018-07-06]
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\sp@avast.com.xpi [2018-12-21] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (uBlock Origin) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\uBlock0@raymondhill.net.xpi [2019-05-13]
FF Extension: (Avast Online Security) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\wrc@avast.com.xpi [2019-04-29]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-04-11]
FF Extension: (Linkification) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi [2016-04-28] [Legacy]
FF Extension: (Firefox B) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{ac40163c-8804-4dad-90fc-e25ebd6e9a57}.xpi [2019-05-13]
FF Extension: (No Name) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-22]
FF Extension: (Baidu Search Update) - C:\Users\David Záhorský\AppData\Roaming\Mozilla\Firefox\Profiles\1p5aj6ni.default\features\{97bf56af-b63a-4109-8ffe-0347a5b3a4e2}\baidu-code-update@mozillaonline.com.xpi [2019-05-13]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 2 -> "hxxps://www.seznam.cz/"
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-28]
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-05-15]
CHR Extension: (Překladač Google) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-12-26]
CHR Extension: (Prezentace) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-09]
CHR Extension: (Dokumenty) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-09]
CHR Extension: (Disk Google) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Linkify) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bkkgikibkmalecfagnebbhbacnbhckmh [2018-07-09]
CHR Extension: (YouTube) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-20]
CHR Extension: (uBlock Origin) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-05-12]
CHR Extension: (Adobe Acrobat) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-01-29]
CHR Extension: (Tabulky) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-09]
CHR Extension: (I don't care about cookies) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2019-04-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (AdBlock) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-02]
CHR Extension: (Avast Online Security) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-04-30]
CHR Extension: (Page Refresh) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmooaemjmediafeacjplpbpenjnpcneg [2018-10-24]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-04-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-09]
CHR Extension: (AdBlocker Ultimate) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2019-04-28]
CHR Extension: (MindBrella) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oijhdnohbodhpigbapooageplofoehpj [2018-07-09]
CHR Extension: (Gmail) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR Profile: C:\Users\David Záhorský\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\45825AA2558EDB94 <==== ATTENTION (Rootkit!)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6660888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [362488 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 SysUpdateService; C:\WINDOWS\SysWOW64\SysUpdService.exe [2974720 2019-04-17] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254128 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320624 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57888 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-20] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [257832 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1031000 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476776 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220640 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385848 2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 MpKsl05ab353d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2828A656-F2AE-40A5-A086-F8F07176BA9C}\MpKsl05ab353d.sys [58120 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 14:53 - 2019-05-15 14:53 - 000000000 ____D C:\Users\David Záhorský\Desktop\FRST-OlderVersion
2019-05-15 14:26 - 2019-05-15 14:26 - 007025360 _____ (Malwarebytes) C:\Users\David Záhorský\Desktop\adwcleaner_7.3.exe
2019-05-15 11:18 - 2019-05-15 14:54 - 000028657 _____ C:\Users\David Záhorský\Desktop\FRST.txt
2019-05-15 11:18 - 2019-05-15 14:53 - 000000000 ____D C:\FRST
2019-05-15 11:16 - 2019-05-15 14:53 - 002434048 _____ (Farbar) C:\Users\David Záhorský\Desktop\FRST64.exe
2019-05-15 10:48 - 2019-05-15 10:50 - 188434128 _____ C:\Users\David Záhorský\Desktop\45bip3gh.exe
2019-05-14 20:32 - 2019-05-14 20:32 - 000000175 _____ C:\Users\David Záhorský\Desktop\V síti- Fotky penisů, nabídka trojky, dívky jako masturbační prostředek, říká o chystaném filmu dokumentarista Klusák - Hospodářské noviny (IHNED.cz).url
2019-05-14 16:58 - 2019-05-15 14:03 - 000012150 _____ C:\Users\David Záhorský\Desktop\Sestava.xlsx
2019-05-13 13:27 - 2019-05-13 14:16 - 1464005100 _____ C:\Users\David Záhorský\Desktop\Hra o trůny S08E05 CZTit. (frpli).mkv
2019-05-12 16:27 - 2019-05-12 16:27 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-05-11 14:43 - 2019-05-11 14:43 - 000000065 _____ C:\Users\David Záhorský\Desktop\Vila Adria - Moča.url
2019-05-09 14:48 - 2019-05-09 14:48 - 020928468 _____ C:\Users\David Záhorský\Desktop\13.-5.---19.-5.-Mexický-týden-01.pdf
2019-05-09 12:46 - 2019-05-09 12:46 - 000000216 _____ C:\Users\David Záhorský\Desktop\Prodej bytu Nekvasilova 3+kk bez RK - Bezrealitky.url
2019-05-07 15:46 - 2019-05-07 15:47 - 000000000 ____D C:\Users\David Záhorský\Desktop\Jak okamžitě zdvojnásobit rychlost SSD - Agem
2019-05-07 15:30 - 2019-05-15 00:27 - 000000000 ____D C:\Users\David Záhorský\Desktop\chernobyl.s01e01.720p.webrip.x264-tbs-cze
2019-05-04 10:19 - 2018-02-21 22:20 - 001739776 _____ C:\WINDOWS\SysWOW64\winselfprotect.dll
2019-05-04 10:18 - 2019-05-04 10:18 - 000000000 ____D C:\WINDOWS\SysWOW64\SysConfServ
2019-05-04 10:18 - 2018-03-19 23:43 - 001713152 _____ C:\WINDOWS\SysWOW64\winhost.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 026810880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 023441920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 020815360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 019025408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 007645632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 006544256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003657728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002777224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002720256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002469376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002275888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001697960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-04 10:16 - 2019-05-04 10:16 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001469168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001044520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 10:16 - 2019-05-04 10:16 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 10:16 - 2019-05-04 10:16 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000757664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-04 10:16 - 2019-05-04 10:16 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-04 10:16 - 2019-05-04 10:16 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-04 10:16 - 2019-05-04 10:16 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-04 10:16 - 2019-05-04 10:16 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-04 10:16 - 2019-05-04 10:16 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-03 13:23 - 2019-05-03 13:23 - 000000216 _____ C:\Users\David Záhorský\Desktop\Prodej bytu Argentinská 3+kk bez RK - Bezrealitky.url
2019-05-01 14:27 - 2019-05-01 14:27 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-05-01 14:26 - 2019-05-01 14:26 - 000000000 ____D C:\Users\David Záhorský\Desktop\MS Office 2010 Po Plus CZ SP2 Portable
2019-04-25 10:07 - 2019-04-25 10:07 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-22 10:48 - 2019-05-14 18:27 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000002355 _____ C:\Users\David Záhorský\Desktop\WhatsApp.lnk
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\WhatsApp
2019-04-22 10:48 - 2019-04-22 10:48 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\SquirrelTemp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 14:54 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-15 14:42 - 2018-02-16 19:16 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\Packages
2019-05-15 13:54 - 2018-02-19 17:44 - 000000000 ____D C:\Users\David Záhorský\AppData\LocalLow\Mozilla
2019-05-15 13:53 - 2018-10-04 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-15 12:54 - 2018-07-16 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-05-15 12:54 - 2018-05-16 14:08 - 000001383 _____ C:\Users\Public\Desktop\Skype.lnk
2019-05-15 10:50 - 2018-10-04 09:14 - 000000000 ____D C:\Users\David Záhorský
2019-05-15 10:48 - 2018-02-19 16:24 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\ClassicShell
2019-05-15 10:17 - 2018-10-04 09:27 - 001693636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 10:17 - 2018-09-15 19:32 - 000716776 _____ C:\WINDOWS\system32\perfh005.dat
2019-05-15 10:17 - 2018-09-15 19:32 - 000144856 _____ C:\WINDOWS\system32\perfc005.dat
2019-05-15 10:17 - 2018-09-15 09:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 10:13 - 2018-10-04 09:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-15 10:13 - 2018-09-15 08:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-15 10:08 - 2018-08-14 12:56 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\D3DSCache
2019-05-15 10:07 - 2018-09-15 09:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-15 10:07 - 2018-02-16 20:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 10:05 - 2018-02-16 20:07 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 02:54 - 2018-10-04 09:18 - 000003658 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1519069390
2019-05-15 02:54 - 2018-10-04 09:18 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-05-15 02:54 - 2018-10-04 09:18 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 02:54 - 2018-10-04 09:18 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 02:54 - 2018-10-04 09:18 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-05-15 02:54 - 2018-10-04 09:18 - 000002772 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-05-15 02:54 - 2018-10-04 09:18 - 000002244 _____ C:\WINDOWS\System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796}
2019-05-15 02:54 - 2018-10-04 09:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-15 01:50 - 2018-02-17 12:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 01:40 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-15 01:37 - 2018-02-19 18:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-15 01:37 - 2018-02-19 17:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-15 00:16 - 2018-02-17 12:36 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-15 00:16 - 2018-02-17 12:36 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-14 18:27 - 2019-02-04 01:50 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\ViberPC
2019-05-14 14:57 - 2018-02-20 12:03 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\vlc
2019-05-13 23:23 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-13 23:23 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-13 14:17 - 2019-04-08 17:50 - 000000000 ____D C:\Users\David Záhorský\Desktop\Filmy
2019-05-12 16:30 - 2018-02-19 22:40 - 000000000 ____D C:\ProgramData\TEMP
2019-05-12 16:30 - 2018-02-19 18:18 - 000000000 ____D C:\ProgramData\AVAST Software
2019-05-12 16:28 - 2018-02-19 18:20 - 000000000 ____D C:\Users\David Záhorský\AppData\Roaming\AVAST Software
2019-05-10 10:01 - 2018-02-19 18:13 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-08 18:56 - 2018-02-22 11:36 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\ElevatedDiagnostics
2019-05-07 15:47 - 2019-02-06 15:44 - 000000000 ____D C:\Users\David Záhorský\Desktop\Různé
2019-05-06 15:29 - 2018-02-19 22:38 - 000000000 ____D C:\Users\David Záhorský\Desktop\Ostatní
2019-05-04 10:18 - 2019-03-10 20:26 - 000303616 _____ (Alexander Roshal) C:\WINDOWS\SysWOW64\unrar.exe
2019-05-04 10:18 - 2019-03-10 20:26 - 000090624 _____ () C:\WINDOWS\SysWOW64\wget.exe
2019-05-04 10:18 - 2018-10-04 09:13 - 000446072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-04 10:17 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-02 16:17 - 2018-02-19 18:50 - 000000000 ____D C:\Texty
2019-05-01 14:31 - 2018-08-24 00:55 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\CrashDumps
2019-05-01 14:30 - 2018-12-20 17:56 - 000000000 ____D C:\Users\David Záhorský\Documents\Poznámkové bloky aplikace OneNote
2019-04-30 13:47 - 2018-02-28 12:59 - 000000000 ____D C:\Users\David Záhorský\Documents\Scan
2019-04-28 16:29 - 2018-02-19 22:03 - 000000000 ____D C:\Program Files\CCleaner
2019-04-25 10:08 - 2019-04-12 19:10 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-25 10:08 - 2018-10-04 09:18 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-25 10:08 - 2018-08-14 11:12 - 000476776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-25 10:08 - 2018-08-14 11:12 - 000385848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-04-25 10:07 - 2019-02-13 11:12 - 000257832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000320624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000254128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000196000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-04-25 10:07 - 2019-01-20 18:50 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-04-25 10:07 - 2018-12-01 13:23 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-04-25 10:07 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-25 10:07 - 2018-08-14 11:12 - 001031000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000220640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000205400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000166848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-04-25 10:07 - 2018-08-14 11:12 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-04-23 16:59 - 2018-02-19 19:11 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-04-23 15:20 - 2018-03-06 18:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-23 10:13 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-22 19:59 - 2018-08-14 11:35 - 000000000 ____D C:\ProgramData\Packages
2019-04-19 18:13 - 2018-02-16 19:32 - 000000000 ____D C:\Users\David Záhorský\AppData\Local\PlaceholderTileLogoFolder
2019-04-17 22:43 - 2019-02-16 11:55 - 002974720 _____ C:\WINDOWS\SysWOW64\SysUpdService.exe

==================== Files in the root of some directories =======

2018-03-06 02:19 - 2018-03-06 02:19 - 000001304 _____ () C:\Users\David Záhorský\AppData\Local\recently-used.xbel
2018-02-21 01:38 - 2018-02-21 01:38 - 000000017 _____ () C:\Users\David Záhorský\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019
Ran by David Záhorský (15-05-2019 14:54:56)
Running from C:\Users\David Záhorský\Desktop
Windows 10 Home Version 1809 17763.475 (X64) (2018-10-04 07:18:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3461955402-3671429942-3536090380-500 - Administrator - Disabled)
David Záhorský (S-1-5-21-3461955402-3671429942-3536090380-1001 - Administrator - Enabled) => C:\Users\David Záhorský
DefaultAccount (S-1-5-21-3461955402-3671429942-3536090380-503 - Limited - Disabled)
Guest (S-1-5-21-3461955402-3671429942-3536090380-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3461955402-3671429942-3536090380-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.4.2374 - AVAST Software)
Belkin Wireless USB Utility (HKLM-x32\...\{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1051 - Webteh, d.o.o.)
CGI PKI .NET Component (HKLM-x32\...\CGIPkcs) (Version: 2.0.1.0 - CGI IT Czech Republic s.r.o.)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Click and Relax 1.0 (HKLM-x32\...\ClickandRelax) (Version: - )
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
EVEREST Ultimate Edition v5.30 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.30 - Lavalys, Inc.)
Faktury 3.2.4 (HKLM-x32\...\%Product_Name% 3.2.4 ) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Microlife BPA 3.2 English (HKLM-x32\...\{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5 - Microlife) Hidden
Microlife BPA 3.2 English (HKLM-x32\...\InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5 - Microlife)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MozBackup 1.4.7 (HKLM-x32\...\MozBackup_is1) (Version: - Pavel Cvrček)
Mozilla Firefox 66.0.5 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.5 (x64 cs)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.1 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 cs)) (Version: 60.6.1 - Mozilla)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
RarmaRadio 2.71 (HKLM-x32\...\RarmaRadio_is1) (Version: - RaimerSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (30.10.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(07.09.2016) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.27 (21.07.2017) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Skype verze 8.45 (HKLM-x32\...\Skype_is1) (Version: 8.45 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Start-Q v1.2 (HKLM-x32\...\{7B6060AF-A09C-402D-89E2-96BCF60F5763}_is1) (Version: - Duriosoft)
Twitch (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Types (HKLM\...\Types) (Version: 1.9.3 - Evgeny Strunnikov)
UBitMenu CZ (HKLM-x32\...\{655C54AF-6A47-4a7f-962D-EB57418F94FD}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{452386AD-F9CF-4958-B52C-1521965F1C80}) (Version: 10.0.0.32 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\{bf62c583-7dcb-4b98-bc9f-4f9e57349e19}) (Version: 10.0.0.32 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
Zobrazit uživatelskou příručku (HKLM-x32\...\View User Guide) (Version: 3.60.47.0 - )

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_1.7.1.0_x64__tf1gferkr813w [2018-02-27] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_4.2.2.0_x86__kgqvnymyfvs32 [2018-02-27] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.106.700.0_x86__kgqvnymyfvs32 [2018-02-27] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_2.7.1.4_x86__h6adky7gbf63m [2018-02-27] (Gameloft.)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-04] (Microsoft Corporation)
EarTrumpet -> C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne [2018-09-03] (File-New-Project)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_140.1268.45465.0_x86__8xx8rvfyw5nnt [2018-02-27] (Facebook Inc)
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.0.3.0_x86__xkt78gamzntbr [2018-11-22] (Sharpened Productions)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_3.0.0.12_x86__h6adky7gbf63m [2018-02-27] (Gameloft.)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt [2018-02-27] (Facebook Inc)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe [2018-02-27] (Microsoft Platform Extensions)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe [2018-02-27] (Microsoft Platform Extensions)
Sada pro místní prostředí v češtině -> C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackcs-cz_17134.3.6.0_neutral__8wekyb3d8bbwe [2018-08-14] (Microsoft Corporation)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-02-27] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.26.95.0_x64__kzf8qxf38zg5c [2018-10-04] (Skype)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxDTCM.dll [2018-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-04-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-12] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\David Záhorský\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2018-02-19 22:10 - 2010-07-27 23:02 - 000029784 _____ ((: JOBnik! :) [Arthur Aminov, ISRAEL]) [File not signed] C:\Program Files (x86)\RarmaRadio\BASS_FX.dll
2014-09-08 14:32 - 2014-09-08 14:32 - 000050688 _____ () [File not signed] C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-02-19 22:10 - 2009-12-07 14:05 - 000505771 _____ () [File not signed] C:\Program Files (x86)\RarmaRadio\sqlite3.dll
2014-10-30 09:02 - 2014-10-30 09:02 - 000537088 _____ () [File not signed] C:\Program Files (x86)\Samsung\Easy Document Creator\EDCAddin.dll
2014-10-30 09:02 - 2014-10-30 09:02 - 000626176 _____ () [File not signed] C:\Program Files (x86)\Samsung\Easy Document Creator\EDCOffice.dll
2014-09-08 14:38 - 2014-09-08 14:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 149155819 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\App.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000875008 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\c++_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000630784 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\CrossPortability_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000053760 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\EGL_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000081408 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\exif_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000989696 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\ffmpeg_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000823296 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\GLESv2_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 006690261 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\JavaScriptCore_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000457728 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\OpenAL_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 061463631 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 001283533 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pgl_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\pthreadVC_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000113664 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\system_malloc_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000838656 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\System_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000009216 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\SystemPosixSpawnClient.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000360960 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\SystemResources_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000014862 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\unwind_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 021502193 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebCore_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 004764445 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKit_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 002054893 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WebKitLegacy_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000090112 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinMediaFoundation_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000012800 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinPhoneBridge_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000755712 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
2018-02-27 16:07 - 2018-02-27 16:08 - 000384000 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCBridge.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000147456 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WP8MSVCCommon.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000093184 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\WRTBridge_osmeta.dll
2018-02-27 16:07 - 2018-02-27 16:08 - 000095232 _____ () [File not signed] C:\Program Files\WindowsApps\Facebook.317180B0BB486_139.1300.61849.0_x86__8xx8rvfyw5nnt\z_osmeta.dll
2019-05-04 10:19 - 2018-02-21 22:20 - 001739776 _____ () [File not signed] C:\WINDOWS\SysWOW64\winselfprotect.dll
2018-09-03 21:02 - 2018-09-03 21:02 - 000925184 _____ (File-New-Project) [File not signed] C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.0.6.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
2017-08-12 11:23 - 2017-08-12 11:23 - 000885696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2017-08-12 11:23 - 2017-08-12 11:23 - 000163776 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
2017-08-12 11:23 - 2017-08-12 11:23 - 003664320 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-02-19 22:10 - 2008-04-17 13:17 - 000150904 _____ (MaresWEB) [File not signed] C:\Program Files (x86)\RarmaRadio\bass_aac.dll
2018-07-16 12:34 - 2019-05-09 21:45 - 015257088 _____ (Node.js) [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\node.dll
2018-02-19 22:10 - 2016-10-29 09:55 - 010063360 _____ (Raimersoft) [File not signed] C:\Program Files (x86)\RarmaRadio\RarmaRadio.exe
2016-09-07 07:52 - 2016-09-07 07:52 - 000111616 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\CustomTimer.dll
2016-07-26 12:57 - 2016-07-26 12:57 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
2018-02-19 22:10 - 2009-06-03 22:42 - 000312320 _____ (Stefan Toengi) [File not signed] C:\Program Files (x86)\RarmaRadio\AudioGenie2.DLL
2018-02-19 22:10 - 2014-12-22 09:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASS.dll
2018-02-19 22:10 - 2008-06-25 14:53 - 000016960 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSCD.dll
2018-02-19 22:10 - 2008-03-31 19:35 - 000010808 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSENC.dll
2018-02-19 22:10 - 2009-12-09 14:40 - 000025152 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSFLAC.dll
2018-02-19 22:10 - 2016-01-20 09:11 - 000006880 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\basshls.dll
2018-02-19 22:10 - 2010-09-17 14:28 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\RarmaRadio\BASSWMA.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2019-01-04 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{66A22FDF-5A45-4834-BE5D-DE757516B0BF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0EDEC8A-C00E-4032-8DB1-0C9BDCE9E39C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54D484A6-44AE-43DA-892D-36704F334425}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C5584DCD-D64F-4806-B07D-D4A5FF2FA6E2}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AD7DA5CF-F043-4099-AB66-3E7D51A99F70}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{19B839F3-4CB3-4171-B388-8BE61DD881ED}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{D67C86D5-9836-4FE2-AC1C-06B16DA2995B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{5F162970-E85E-4533-BF71-3FD7A91E08BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{20463817-9C1B-4D9D-9E65-5970673FC626}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [{E06EC4A7-89D1-4931-B02F-03438C24BF2A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe (ScanProcess) [File not signed]
FirewallRules: [{F3C0CF58-DA0C-486D-B3AC-AA16E694752A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe (Scan2PCNotify) [File not signed]
FirewallRules: [{E517A9DC-3B2F-4B6E-8C7F-E0E3265D30EF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{200280B9-240C-41AF-A56A-3FAE3C1EE8B7}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{E1635CEA-C8F7-4ABA-9163-96F8335CAC50}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{8FBA77AC-04A5-491A-9FFE-7AB7C8AE0F97}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{462CA5BD-729E-43B6-AF08-24F74B38DA4A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2D5F642D-9235-476B-A5D7-754C6F1C8E2A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2C10B85A-39E8-4DFD-A94C-75E846223977}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{830D898F-5906-46BA-A43C-A45B675C52E5}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{1142B367-8952-4D80-853E-C9428A71109B}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File
FirewallRules: [UDP Query User{9198D0B0-8969-4CB5-BF2E-76B7787D50FF}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File
FirewallRules: [{1D00FFA0-8207-4747-8576-47F4CB4CC69F}] => (Allow) C:\WINDOWS\SysWOW64\SysUpdService.exe () [File not signed]
FirewallRules: [{45A6032E-B6C7-4828-B0CD-D42649A7E4AC}] => (Allow) C:\WINDOWS\SysWOW64\SysUpdService.exe () [File not signed]
FirewallRules: [TCP Query User{A08EFC70-08D3-442D-9358-2E4B2B500415}C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe] => (Allow) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [UDP Query User{B3FDA82B-8A69-4D6F-95C8-FB082D22FEEA}C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe] => (Allow) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{1DBA22BC-6C2D-41C5-A55E-28118A758974}] => (Block) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{E4493B66-AE03-435E-BA97-D4C472DC9AFE}] => (Block) C:\users\david záhorský\desktop\ms office 2010 po plus cz sp2 portable\ms office 2010 po plus cz sp2 portable\kmservice.exe () [File not signed]
FirewallRules: [{F408BC82-8643-4C84-96D5-8C2C5F450863}] => (Allow) C:\WINDOWS\SysWOW64\wget.exe () [File not signed]
FirewallRules: [{A62A6A5F-76C5-443A-BD6F-09D17C517F76}] => (Allow) C:\WINDOWS\SysWOW64\SysConfServ\nheqminer.exe () [File not signed]
FirewallRules: [{11283F2C-8B42-4899-8C6F-6266B0510A2E}] => (Allow) C:\WINDOWS\SysWOW64\SysConfServ\nheqminer.exe () [File not signed]
FirewallRules: [{0AC90343-4055-48A9-9AC7-9288EE03F399}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{B0863942-FABC-4962-B5E5-06FBEBA1ABEA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC176ED0-0472-46D7-992E-E1A6A5C57BEE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

28-04-2019 16:29:33 Before uninstalling CCleaner
04-05-2019 10:14:29 Windows Update
11-05-2019 11:15:35 Naplánovaný kontrolní bod
12-05-2019 16:30:06 Before uninstalling Avast Cleanup Premium

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2019 10:13:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff9419a0358
ID chybujícího procesu: 0xb9c
Čas spuštění chybující aplikace: 0x01d50af556a50e7f
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0505dfe2-7168-41e1-a53b-6bcf60a543f2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 10:07:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff830680358
ID chybujícího procesu: 0xd70
Čas spuštění chybující aplikace: 0x01d50aae0beacd71
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 66e7e8ba-58b8-4c28-a0cd-1b3db143c817
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 01:37:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.17763.1, časové razítko: 0xb900eeff
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ffeedd80358
ID chybujícího procesu: 0xd7c
Čas spuštění chybující aplikace: 0x01d504da8c1b9201
Cesta k chybující aplikaci: C:\WINDOWS\System32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: adb3cced-f1c1-485a-8412-c3974c531b60
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu (unknown) na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu (unknown) na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (05/15/2019 12:41:18 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (05/07/2019 01:05:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Notes.exe verze 3.1.46.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 7464

Čas spuštění: 01d504c3926ccbca

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

ID hlášení: 0fd28150-f6b2-418f-8631-cf28d956520d

Úplný název balíčku s chybou: Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (05/02/2019 10:24:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WinStore.App.exe verze 11805.1001.49.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1b54

Čas spuštění: 01d500c02bc0ffc9

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe\WinStore.App.exe

ID hlášení: de204c4a-ccb2-4392-8ff3-36109c795971

Úplný název balíčku s chybou: Microsoft.WindowsStore_11805.1001.49.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Activation


System errors:
=============
Error: (05/15/2019 02:43:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 02:42:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 02:34:13 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 02:29:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 01:54:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 01:54:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 01:54:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/15/2019 01:54:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BQRE00U)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-BQRE00U\David Záhorský (SID: S-1-5-21-3461955402-3671429942-3536090380-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-05-01 18:09:04.934
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {1329E3B6-A64D-4DFC-B349-036B007DA62D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-18 15:52:15.634
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A8082EFD-E72B-441B-A3EF-AD418A210E43}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-11 14:17:00.375
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {985E43A3-343D-4EC1-8402-02246430D3C2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-02 00:11:46.598
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {69C88165-7B67-451B-BA80-437C5EEC8C4A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-04-01 20:00:51.801
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {56084660-4730-4BE1-840F-9076174F88E7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-05-15 10:13:36.173
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 10:08:14.944
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.941
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.933
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:14.930
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-15 10:08:11.842
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 01:51:03.465
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\winselfprotect.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-15 01:37:56.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0809 07/07/2017
Motherboard: ASUSTeK COMPUTER INC. PRIME B250M-K
Processor: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8060.12 MB
Available physical RAM: 3769.8 MB
Total Virtual: 9404.12 MB
Available Virtual: 3914.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.5 GB) (Free:134.36 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:849.04 GB) NTFS
Drive f: (ADATA UFD) (Removable) (Total:28.91 GB) (Free:23.16 GB) NTFS

\\?\Volume{af8b88ff-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{af8b88ff-0000-0000-0000-30023a000000}\ () (Fixed) (Total:0.85 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AF8B88FF)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=870 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AF8B88E9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Bitcoin mining

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
HKLM\SYSTEM\CurrentControlSet\Services\45825AA2558EDB94 <==== ATTENTION (Rootkit!)
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796}
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David Záhorský\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]
FirewallRules: [TCP Query User{1142B367-8952-4D80-853E-C9428A71109B}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File
FirewallRules: [UDP Query User{9198D0B0-8969-4CB5-BF2E-76B7787D50FF}C:\users\david záhorský\desktop\trustviewer.exe] => (Allow) C:\users\david záhorský\desktop\trustviewer.exe No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

filip.z
Model visitor
Posts: 27
Registered: 27 Dec 2005 00:29

Re: Bitcoin mining

#7 Post by filip.z »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019
Ran by David Záhorský (15-05-2019 16:05:19) Run:1
Running from C:\Users\David Záhorský\Desktop
Loaded Profiles: David Záhorský (Available Profiles: David Záhorský)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-3461955402-3671429942-3536090380-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
HKLM\SYSTEM\CurrentControlSet\Services\45825AA2558EDB94 <==== ATTENTION (Rootkit!)
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796}
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\David Z�horsk�\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\David Z�horsk�\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\David Z�horsk�\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]
FirewallRules: [TCP Query User{1142B367-8952-4D80-853E-C9428A71109B}C:\users\david z�horsk�\desktop\trustviewer.exe] => (Allow) C:\users\david z�horsk�\desktop\trustviewer.exe No File
FirewallRules: [UDP Query User{9198D0B0-8969-4CB5-BF2E-76B7787D50FF}C:\users\david z�horsk�\desktop\trustviewer.exe] => (Allow) C:\users\david z�horsk�\desktop\trustviewer.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\.DEFAULT\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf => removed successfully
"C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll" => not found
HKLM\SYSTEM\CurrentControlSet\Services\45825AA2558EDB94 <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\{427AEC9D-7A1C-4B2F-9F84-E45C8F6CA796} => moved successfully
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3461955402-3671429942-3536090380-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1142B367-8952-4D80-853E-C9428A71109B}C:\users\david z�horsk�\desktop\trustviewer.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9198D0B0-8969-4CB5-BF2E-76B7787D50FF}C:\users\david z�horsk�\desktop\trustviewer.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25959701 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 4164538 B
Edge => 7073274 B
Chrome => 449689323 B
Firefox => 247702134 B
Opera => 158722 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4512 B
LocalService => 0 B
NetworkService => 37988 B
NetworkService => 0 B
David Záhorský => 76315784 B

RecycleBin => 1154323 B
EmptyTemp: => 784.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:07:06 ====

Rudy
Site Admin
Posts: 118192
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Bitcoin mining

#8 Post by Rudy »

OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.

filip.z
Model visitor
Posts: 27
Joined: 27 Dec 2005 00:29

Re: Bitcoin mining

#9 Post by filip.z »

Memory usage is fine now. But Avast still doesn't like nheqminer.exe on disk at C:\Windows\SysWOW64\SysConfServ\nheqminer.exe.

Re: Bitcoin mining

#10 Post by Rudy »

FRST did not show it. Run one more scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work, and when it finishes delete everything it finds. Finally, restart the PC.

Re: Bitcoin mining

#11 Post by filip.z »

So, deleted :) Thank you, Rudy, for your time :thumbsup: The PC is OK.

Re: Bitcoin mining

#12 Post by Rudy »

Glad to hear it. You're welcome! :)

Locked