Spomalene PC. Poprosim o kontrolu FRST.

[brunkowski]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2020
Ran by brunkowski (administrator) on DESKTOP-3QKQD4S (Dell Inc. Inspiron 11 - 3147) (26-01-2020 11:43:20)
Running from C:\Users\brunkowski\Desktop
Loaded Profiles: brunkowski (Available Profiles: brunkowski)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(bookingDesktopApp.) [File not signed] C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Western Digital Techologies -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [WDDriveAgent] => C:\Program Files (x86)\Western Digital\WD Drive Agent\WDDriveAgent.exe [2379096 2018-03-26] (Western Digital Techologies -> Western Digital Technologies, Inc.)
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\Run: [MiPhoneManager] => C:\Users\brunkowski\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] (Xiaomi Technology Inc -> )
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-19] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14936660-F235-4FAC-9A96-E1AFFFE50E73} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {18F80753-0B3E-4AD9-A8CF-923175F1BC81} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {3CC76DE9-7299-4E32-BCAA-963574B67974} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {3F2D9D8C-1A16-4365-9EDB-726C37778464} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4396AA49-E615-43D8-9749-E1AF4047F4B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4D2FD196-1324-485E-9C56-FC90353EA92B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {55193ED3-5782-4EEF-8359-0ADF94F3234F} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {563F875D-FFC3-4E70-8951-0733DAAE3DD4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_pepper.exe [1449472 2018-08-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {57690D8C-8AB0-41A9-BFAB-2C0E7BD89E4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-20] (Google Inc -> Google Inc.)
Task: {6589400F-ED3D-48CF-8B0D-37C7A75CCC62} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {810951DA-A642-4823-8C8D-4BBCA67817B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {88D41F58-B93D-41B5-9B71-6CADBB06388E} - System32\Tasks\WD Discovery Service Task brunkowski => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [67048 2019-02-05] (Western Digital Technologies, Inc. -> )
Task: {96E872FC-25B4-4197-B82E-ACF7DECCFBC5} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {C0B7C729-BD71-4952-B57E-4154AB84976D} - System32\Tasks\Opera scheduled Autoupdate 1493409860 => C:\Program Files\Opera\launcher.exe [1528344 2019-12-19] (Opera Software AS -> Opera Software)
Task: {D541E0DE-9184-47F2-9B7D-2D16D3574D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-20] (Google Inc -> Google Inc.)
Task: {E41E5E2C-4AB2-4E30-88C8-C9B6263B809B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3403ee2b-6b47-498a-a1e8-d3360adae0f1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{449df088-69d8-49f3-8e59-908d3a5ce723}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c5b98a1-d3be-434f-b562-2ce1e91028ea}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7e2fd5c4-cb13-4c6e-875b-e2f0223549b8}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c5f83ec7-8a49-468f-899f-532285a8a24d}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2809947898-3707831389-441220471-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_17_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutC0AyE0FtAtBzy0FtA0D0AyD0FzytC0CtN0D0Tzu0StCzzyDtBtN1L2XzutAtFtByCtFtBtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzztCtC0B0E0C0BtGtAyEzytBtG0BzztAyDtGyC0C0AyDtG0FzzyCzyyEyC0AyEzztBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzy0ByCzzyC0AtBtGtD0Azz0BtGyEyC0CtDtGzytDtBtAtG0E0CyEzyyD0D0E0A0DyE0AtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBzzyB%26cr%3D10677582%26a%3Dwcg_fremkfs_17_04%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: No Name -> {4F76702D-3AAF-4BDD-B096-926E9434CBAE}' -> No File

FireFox:
========
FF DefaultProfile: 63q2hn96.default
FF ProfilePath: C:\Users\brunkowski\AppData\Roaming\Mozilla\Firefox\Profiles\63q2hn96.default [2020-01-26]
FF Extension: (Ant Video downloader) - C:\Users\brunkowski\AppData\Roaming\Mozilla\Firefox\Profiles\63q2hn96.default\Extensions\anttoolbar@ant.com.xpi [2017-12-03]
FF Extension: (uBlock Origin) - C:\Users\brunkowski\AppData\Roaming\Mozilla\Firefox\Profiles\63q2hn96.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-03]
FF Extension: (Avast Online Security) - C:\Users\brunkowski\AppData\Roaming\Mozilla\Firefox\Profiles\63q2hn96.default\Extensions\wrc@avast.com.xpi [2018-08-29]
FF Extension: (DownThemAll!) - C:\Users\brunkowski\AppData\Roaming\Mozilla\Firefox\Profiles\63q2hn96.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-02-04] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox => not found
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2019-12-31] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2019-12-31] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default [2019-11-29]
CHR Notifications: Default -> hxxps://fastshare.cz; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.sk/
CHR StartupUrls: Default -> "hxxp://google.sk/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Prezentácie) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Dokumenty) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-20]
CHR Extension: (YouTube) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-27]
CHR Extension: (ABA English - Online English Course) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpnkfkmdhgomemhogjdianppfjkaddcc [2017-01-20]
CHR Extension: (Adobe Acrobat) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-24]
CHR Extension: (Video Downloader professional) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-09-27]
CHR Extension: (Tabuľky) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-27]
CHR Extension: (Avast Online Security) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-09-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Adblock Pro) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-01-20]
CHR Extension: (Gmail) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\brunkowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-27]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-2809947898-3707831389-441220471-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]

Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\brunkowski\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2020-01-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-12-31] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-12-31] (bookingDesktopApp.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel(R) pGFX -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [524632 2018-03-26] (Western Digital Techologies -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601616 2016-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [22168 2012-07-13] (STMicroelectronics -> ST Microelectronics)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [83968 2013-11-21] (Microsoft Windows Hardware Compatibility Publisher -> STMicroelectronics)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-14] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-14] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-26 11:43 - 2020-01-26 11:47 - 000025597 _____ C:\Users\brunkowski\Desktop\FRST.txt
2020-01-26 11:41 - 2020-01-26 11:41 - 002581504 _____ (Farbar) C:\Users\brunkowski\Desktop\FRST64.exe
2020-01-26 01:23 - 2019-10-04 18:49 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-25 21:16 - 2020-01-26 11:46 - 000000000 ____D C:\FRST
2020-01-24 21:47 - 2020-01-24 22:05 - 1973158406 _____ C:\Users\brunkowski\Downloads\MissaX - Elena Koshka 1080p.mp4
2020-01-24 21:44 - 2020-01-24 21:55 - 518665840 _____ C:\Users\brunkowski\Downloads\MissaX.17.06.23.Natalia.Starr.Solicitation.XXX.SD.MP4-KLEENEX.mp4
2020-01-24 21:38 - 2020-01-24 21:45 - 1295473211 _____ C:\Users\brunkowski\Downloads\FuckStudies - Olivia Westsun 720p.mp4
2020-01-24 21:36 - 2020-01-24 21:53 - 731238022 _____ C:\Users\brunkowski\Downloads\Ava Haze.mp4
2020-01-24 19:06 - 2020-01-24 19:17 - 1353570568 _____ C:\Users\brunkowski\Downloads\Quien a hierro mata (2019) CZ titulky NOVINKA.avi
2020-01-24 18:58 - 2020-01-24 19:15 - 1830924536 _____ C:\Users\brunkowski\Downloads\Přes prsty (2019).avi
2020-01-19 20:42 - 2020-01-19 20:52 - 1426919267 _____ C:\Users\brunkowski\Downloads\Dronningen (2019) 1080p SK.TITULKY.mkv
2020-01-19 20:37 - 2020-01-19 20:58 - 2074554307 _____ C:\Users\brunkowski\Downloads\Anna (2019) CZdabing + forced ,BluRay,1080p,.mkv
2020-01-12 22:34 - 2020-01-12 22:39 - 658003062 _____ C:\Users\brunkowski\Downloads\bu_elena_koshka_cl112917_720p_2600_Self-Love.mp4
2020-01-12 22:33 - 2020-01-12 22:51 - 1157591663 _____ C:\Users\brunkowski\Downloads\MofosBSides - Elena Koshka 1080p.mp4
2020-01-12 22:33 - 2020-01-12 22:43 - 874688134 _____ C:\Users\brunkowski\Downloads\Elena Koshka, Paige Owens, Lily LaBeau, Khloe Kapri.mp4
2020-01-12 22:19 - 2020-01-12 22:26 - 333268248 _____ C:\Users\brunkowski\Downloads\BlackedRaw - Elena Koshka - Last Night In LA.mp4
2020-01-12 22:19 - 2020-01-12 22:24 - 733731313 _____ C:\Users\brunkowski\Downloads\Vixen - Elena Koshka 480p.mp4
2020-01-12 21:57 - 2020-01-12 22:17 - 1474373315 _____ C:\Users\brunkowski\Downloads\40 432__XXX__[NaughtyAmerica] Elena Koshka - Diary of a Nanny (14.04.2018)_Part__03.mp4
2020-01-12 21:56 - 2020-01-12 22:11 - 604576219 _____ C:\Users\brunkowski\Downloads\Elena Koshka (Tonight's Girlfriend).mp4
2020-01-12 21:39 - 2020-01-12 21:55 - 1996163379 _____ C:\Users\brunkowski\Downloads\PureTaboo - Sarah Vandella & Elena Koshka 1080vp
2020-01-12 11:15 - 2020-01-19 23:06 - 000000000 ____D C:\Users\brunkowski\Downloads\Ulozto
2020-01-05 21:55 - 2020-01-05 22:13 - 1763431180 _____ C:\Users\brunkowski\Downloads\ODVÁŽNÁ VAIANA Legenga o konci sv_ta 2016 480p BDRip DD5.1 SK dabing.avi
2020-01-05 19:14 - 2020-01-05 19:25 - 1453412884 _____ C:\Users\brunkowski\Downloads\Ten, kdo tě miloval (2018) cz.film.avi
2020-01-04 20:59 - 2020-01-04 21:05 - 648382116 _____ C:\Users\brunkowski\Downloads\Sorjonen S01E03 CZtit V OBRAZE.avi
2020-01-04 20:19 - 2020-01-26 11:31 - 000000000 ____D C:\Users\brunkowski\AppData\Local\Spotify
2020-01-04 20:19 - 2020-01-04 20:19 - 000001877 _____ C:\Users\brunkowski\Desktop\Spotify.lnk
2020-01-04 20:19 - 2020-01-04 20:19 - 000001863 _____ C:\Users\brunkowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2020-01-04 20:18 - 2020-01-26 11:30 - 000000000 ____D C:\Users\brunkowski\AppData\Roaming\Spotify
2019-12-31 21:54 - 2019-12-31 21:54 - 000003200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2019-12-31 21:52 - 2019-12-31 21:54 - 000000000 ____D C:\Program Files (x86)\Booking
2019-12-31 21:50 - 2019-12-31 21:50 - 000000000 ____D C:\WINDOWS\SysWOW64\nllc
2019-12-27 08:24 - 2019-12-27 08:24 - 000139412 _____ C:\Users\brunkowski\Downloads\spusu_kuendigungsschreiben.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-26 11:43 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-26 11:37 - 2017-04-28 21:02 - 000000000 ____D C:\Program Files\Opera
2020-01-26 11:34 - 2019-11-09 12:21 - 000001152 _____ C:\Users\brunkowski\Desktop\Prohlížeč Opera.lnk
2020-01-26 11:34 - 2019-09-28 22:08 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-26 11:34 - 2019-03-19 12:55 - 000673444 _____ C:\WINDOWS\system32\perfh005.dat
2020-01-26 11:34 - 2019-03-19 12:55 - 000137332 _____ C:\WINDOWS\system32\perfc005.dat
2020-01-26 11:34 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-26 11:31 - 2018-08-29 18:29 - 000000000 ____D C:\Users\brunkowski\AppData\Local\AVAST Software
2020-01-26 11:30 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-26 11:29 - 2017-01-20 14:37 - 000000000 __SHD C:\Users\brunkowski\IntelGraphicsProfiles
2020-01-26 11:15 - 2019-09-28 22:33 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-26 11:15 - 2019-09-28 22:33 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-01-26 11:10 - 2019-09-28 22:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-26 11:09 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-26 11:07 - 2019-09-28 21:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-26 06:56 - 2019-09-28 21:55 - 000000000 ____D C:\Users\brunkowski
2020-01-26 01:24 - 2019-09-18 19:12 - 000002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2020-01-26 01:24 - 2019-09-18 19:12 - 000002078 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2020-01-26 01:23 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-26 01:08 - 2019-09-28 22:00 - 000000000 ____D C:\WINDOWS\system32\sk
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-01-26 01:08 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-01-26 01:08 - 2019-03-19 12:56 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2020-01-26 01:08 - 2019-03-19 12:55 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2020-01-26 01:08 - 2019-03-19 12:55 - 000000000 ____D C:\WINDOWS\system32\cs
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\downlevel
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\DDFs
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-26 01:08 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-01-26 01:08 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\servicing
2020-01-26 01:03 - 2019-10-06 20:28 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-01-26 01:03 - 2019-09-16 19:59 - 000000000 ____D C:\Users\brunkowski\AppData\Roaming\doublecmd
2020-01-26 01:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Containers
2020-01-26 00:22 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-26 00:07 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\registration
2020-01-24 20:34 - 2017-01-20 20:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-24 20:26 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-24 19:17 - 2017-04-30 08:01 - 000000000 ____D C:\Program Files (x86)\FastShare
2020-01-24 19:03 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-19 19:03 - 2017-01-20 18:51 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-19 19:03 - 2017-01-20 18:51 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-12 22:01 - 2019-09-28 22:34 - 000003306 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1493409860
2020-01-12 22:01 - 2019-09-28 22:33 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-12 22:01 - 2019-09-28 22:33 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-12 22:01 - 2019-09-28 22:33 - 000002218 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-01-12 22:01 - 2019-09-28 22:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2019-12-31 21:54 - 2019-11-23 19:31 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2019-12-31 21:51 - 2018-10-20 12:29 - 000001020 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2019-12-27 12:02 - 2019-12-23 20:21 - 000000000 ____D C:\Users\brunkowski\Downloads\xXiaomi

==================== Files in the root of some directories ========

2017-01-27 14:07 - 2017-06-02 17:25 - 000000201 _____ () C:\Users\brunkowski\AppData\Roaming\WB.CFG
2018-09-05 19:55 - 2018-09-05 19:55 - 000000017 _____ () C:\Users\brunkowski\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

[brunkowski]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2020
Ran by brunkowski (26-01-2020 11:56:35)
Running from C:\Users\brunkowski\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-09-28 21:36:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2809947898-3707831389-441220471-500 - Administrator - Disabled)
brunkowski (S-1-5-21-2809947898-3707831389-441220471-1001 - Administrator - Enabled) => C:\Users\brunkowski
DefaultAccount (S-1-5-21-2809947898-3707831389-441220471-503 - Limited - Disabled)
Guest (S-1-5-21-2809947898-3707831389-441220471-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2809947898-3707831389-441220471-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20049 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
AndroidPCDrivers(Qisda-F5) (HKLM-x32\...\{3601BE7F-C30C-400A-96D8-7872EB56C599}) (Version: 1.0.0 - )
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Double Commander 0.9.6 beta (HKLM\...\Double Commander_is1) (Version: - )
FastShare.cz verze 2.3.1 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.3.1 - )
Free Video Cutter Joiner 10.4 (HKLM-x32\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 10.4 - DVDVideoMedia, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.1.3 - LibreCAD Team)
Mi PC Suite (HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\MiPhoneManager) (Version: - Xiaomi Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{4cadd82e-f9f2-4f69-bcfd-a0b929d8e6e2}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{8a225685-3b19-4387-b61b-830061421071}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 sk) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 sk)) (Version: 51.0.1 - Mozilla)
Mozilla Firefox 60.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 60.0.2 (x64 cs)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
OpenOffice 4.1.5 (HKLM-x32\...\{E177AC33-EC9C-4537-8996-37ED331D9227}) (Version: 4.15.9789 - Apache Software Foundation)
OpenOffice 4.1.5 Language Pack (Slovak) (HKLM-x32\...\{9B3D1B02-A24E-4510-9529-456CBCD2784A}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 65.0.3467.78 (HKLM-x32\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 191211 - Kakao Corp.)
ProfiCAD 10.3.6 (HKLM-x32\...\ProfiCAD_is1) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
save2pc 5.48 (HKLM-x32\...\save2pc_is1) (Version: - FDRLab, Inc.)
Spotify (HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\Spotify) (Version: 1.1.22.633.g1bab253a - Spotify AB)
Ulož.to FileManager verze 2.77 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.77 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
WD Desktop App 1.5.0.87 (HKLM-x32\...\{2f9f5d2c-2da0-417e-bbff-8787105a70f2}) (Version: 1.5.0.87 - Western Digital Technologies, Inc.) Hidden
WD Desktop App 1.5.0.87 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 1.5.0.87 - Western Digital Technologies, Inc.) Hidden
WD Drive Agent (HKLM-x32\...\{10BD0B99-6C39-4246-85DA-E4AA34B7707E}) (Version: 1.1.0.18 - Western Digital Technologies, Inc.) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-26] (Autodesk Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-01-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-15] (Microsoft Studios) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-22] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-26] (Microsoft Corporation) [MS Ad]
RAR Opener -> C:\Program Files\WindowsApps\DeviceDoctor.RAROpener_1.3.48.0_x64__mkdtfchztkfbm [2020-01-26] (Tiny Opener)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-26] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2809947898-3707831389-441220471-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {4F76702D-3AAF-4BDD-B096-926E9434CBAE} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {4F76702D-3AAF-4BDD-B096-926E9434CBAE} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {4F76702D-3AAF-4BDD-B096-926E9434CBAE} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {4F76702D-3AAF-4BDD-B096-926E9434CBAE} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {2f14ea59-b6ad-32d6-b690-1cde278ea7d7} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {2f14ea59-b6ad-32d6-b690-1cde278ea7d7} => C:\Program Files\WD Desktop App\kda.DLL [2018-04-04] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-31 21:54 - 2019-12-31 21:54 - 001743360 ____T (bookingDesktopApp.) [File not signed] C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\bookingDesktopApppdate.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-01-04 10:05 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2809947898-3707831389-441220471-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: wuauserv => 3
HKLM\...\StartupApproved\Run32: => "WDDriveAgent"
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2809947898-3707831389-441220471-1001\...\StartupApproved\Run: => "MiPhoneManager"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{38506ECA-4DB6-46A7-9F6B-A52D5BA4973C}C:\users\brunkowski\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\brunkowski\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{1AEAF8DB-54FB-4B90-B78C-81853383071F}C:\users\brunkowski\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Allow) C:\users\brunkowski\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{46D8CBB3-3952-487A-B081-D1FF1A1D8423}] => (Allow) C:\Users\brunkowski\AppData\Local\MiPhoneManager\main\MiPCSuite.exe (Xiaomi Technology Inc -> Xiaomi.Inc)
FirewallRules: [{DE3E620B-00FD-4770-8405-3CCA08963614}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{32109183-0E1D-40E8-95B0-4AC444E4D2CF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{465C96AD-8FAE-4D70-9CF1-7D67D8F285DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6B5AF61-0A4C-43BA-8D0F-F15EF57B1663}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{09AAA453-DF6C-4EE4-9ACA-442EF2641E8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{72B56E89-A420-4C48-A3D5-12394DEB29E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A899970-C921-47A1-AE69-B5706B4CBE94}] => (Allow) C:\Program Files\Opera\65.0.3467.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2AEDD176-7DF9-4F3D-9A19-BDB9EDF2C656}] => (Allow) C:\Program Files\Opera\65.0.3467.78\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E35C853F-4AC9-42C0-8108-24AD91349216}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-12-2019 04:14:18 Scheduled Checkpoint
24-01-2020 19:40:35 Windows Update
25-01-2020 23:18:53 Operace obnovení

==================== Faulty Device Manager Devices ============

Name: [TV] Samsung 5 Series (32) Stereo
Description: Zdroj Microsoft Bluetooth A2dp
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2dp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/26/2020 11:40:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3968,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/26/2020 11:34:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01b language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/26/2020 01:36:19 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6080,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/26/2020 01:30:12 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4312,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/26/2020 01:18:05 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4856,R,98) SRUJet: Při otevírání souboru protokolu C:\WINDOWS\system32\SRU\SRU00D58.log došlo k chybě -1811 (0xfffff8ed).

Error: (01/25/2020 11:19:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary WinQuic.

System Error:
Zavaděč prostředku nemohl vyhledat soubor MUI.
.

Error: (01/25/2020 10:58:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01b language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/25/2020 10:29:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (564,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (01/25/2020 10:08:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správca stiahnutých máp přestala během spouštění reagovat.

Error: (01/25/2020 09:05:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 7krát.

Error: (01/25/2020 09:00:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (01/25/2020 08:05:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 5krát.

Error: (01/25/2020 08:00:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (01/25/2020 07:04:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (01/25/2020 07:00:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba bookingDesktopApp Update Service (bookingdesktopapp) byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (01/25/2020 06:59:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba System Guard Runtime Monitor Broker přestala během spouštění reagovat.


Windows Defender:
===================================
Date: 2020-01-25 21:28:23.704
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:VBS/Mutuodo.A
ID: 2147724374
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\brunkowski\AppData\Roaming\Garohutac
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3QKQD4S\brunkowski
Název procesu: C:\Users\brunkowski\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-25 21:27:03.009
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:VBS/Mutuodo.A
ID: 2147724374
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\brunkowski\AppData\Roaming\Garohutac
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3QKQD4S\brunkowski
Název procesu: C:\Users\brunkowski\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-25 21:26:57.772
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:VBS/Mutuodo.A
ID: 2147724374
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\brunkowski\AppData\Roaming\Garohutac
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3QKQD4S\brunkowski
Název procesu: C:\Users\brunkowski\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.307.3019.0, AS: 1.307.3019.0, NIS: 1.307.3019.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-21 20:32:10.430
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {FD2B6333-28B5-4FA7-8D69-DC94E4293111}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-21 20:16:35.570
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {5B53442D-F446-478B-AAD6-023E6F59ED64}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-26 11:33:39.370
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1571.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: The server name or address could not be resolved

Date: 2020-01-26 11:33:39.369
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1571.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: The server name or address could not be resolved

Date: 2020-01-26 11:33:39.368
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1571.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: The server name or address could not be resolved

Date: 2020-01-26 11:33:39.348
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1571.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: The server name or address could not be resolved

Date: 2020-01-26 11:33:39.347
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1571.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-01-26 11:45:58.325
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:44:02.756
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:44:02.714
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:33:52.786
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:33:50.739
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:33:48.696
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:33:46.666
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-01-26 11:33:41.463
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A08 08/12/2015
Motherboard: Dell Inc. 0V09NX
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 3979.2 MB
Available physical RAM: 1514.43 MB
Total Virtual: 5451.2 MB
Available Virtual: 3055.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.62 GB) (Free:14.78 GB) NTFS
Drive d: () (Removable) (Total:29.52 GB) (Free:29.32 GB) FAT32

\\?\Volume{816d5af8-13e0-4893-8958-0da25b595c05}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
\\?\Volume{4367d177-b1ba-417b-aea7-d995ffb622ce}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{9bd3829b-a748-4398-b2ea-3e7dfc469ffc}\ (PBR Image) (Fixed) (Total:7.21 GB) (Free:0.73 GB) NTFS
\\?\Volume{72644b95-c0ca-426a-a875-50cb1f2f5880}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7BFE6926)

Partition: GPT.

==========================================================
Disk: 1 (Size: 29.5 GB) (Disk ID: 25B93D46)
Partition 1: (Not Active) - (Size=29.5 GB) - (Type=0C)

==================== End of Addition.txt =======================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[brunkowski]

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-03-2020
# Duration: 00:01:07
# OS: Windows 10 Home
# Scanned: 34824
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.DealPly C:\Users\brunkowski\AppData\Roaming\UpdateTask
PUP.Optional.MarketScore C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge

***** [ Files ] *****

PUP.Optional.RelevantKnowledge C:\Windows\System32\rlls64.dll
Trojan.Agent C:\Windows\SysWOW64\rlls.dll

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.SearchManager HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
PUP.Optional.SearchManager HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F

***** [ Chromium (and derivatives) ] *****

PUP.Optional.SearchManager Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.BrowseToSave SaveFrom.net helper

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

[Rudy]

Dejte nové logy FRST+Addition.