
Please check my log, my email is sending spam

LadyKate
Visitor
Posts: 114
Registered: 04 Aug 2010 14:30

#1 Post by LadyKate »

Hello,

please check this; I noticed that my email is sending out some spam on its own. Thank you in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2020 02
Ran by Kateřina (administrator) on LAPTOP-LMBQQVTN (LENOVO 80R2) (02-02-2020 18:40:23)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Platform: Microsoft Windows 10 Home Version 1803 17134.885 (X86) Language: Slovenština (Slovensko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(3NOD) [File not signed] C:\Windows\3NOD\Lenovokb.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Realtek Semiconductor Corp -> ) C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [3nodkey] => C:\Windows\3NOD\LenovoKB.exe [6416384 2015-08-12] (3NOD) [File not signed]
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3173840 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-05-25] (Power Software Limited -> Power Software Ltd)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [266552 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [Easy Disk Drive Repair] => C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [483328 2015-01-17] (Zeatron Software) [File not signed]
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\RunOnce: [Uninstall 19.222.1110.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\19.222.1110.0006"
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24C6AD8D-F43B-4846-B9D2-7DD8483291DF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {302231E7-C058-4190-A0E8-6117E2BAF219} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-17] (LENOVO -> Lenovo)
Task: {42A961D9-CEFA-4D98-987A-7339498B7611} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-07-17] (LENOVO -> Lenovo)
Task: {446DB129-8C88-404C-A5D8-D80235E8C7EE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {659F8A49-4B8D-4807-B1B5-FADF80AA29D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6CF3372F-88CA-4AA4-BF9D-EB3FAF42E2B6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1439104 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DCD6F2A-5C33-4871-B76D-E0CF6A2E2F72} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9403328 2015-07-17] (LENOVO -> )
Task: {6F3AF377-953E-43AE-B0C2-A9CF668F586B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {8CB5701B-E1B0-4329-88B8-C5E728D936DD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {90AA0BCA-EE84-4A3B-BF39-7BAA0100F20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9B94587F-53A2-4D48-8CC2-DD9B7D67BD36} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18932504 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {A821710D-C0CD-4F7B-A122-1CEE3BBED03A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB224C74-AD57-49BB-8DE5-36F634B12460} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18937944 2018-10-16] (Innovative Solutions Grup SRL -> Innovative Solutions GRUP SRL)
Task: {B2198A60-F972-4207-AD76-690EDFC0180E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9403328 2015-07-17] (LENOVO -> )
Task: {B35AA63A-7209-41CB-B513-F938283BEE73} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {C07FACDF-34F1-4123-9903-54A72E56B111} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18932504 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2BC506F-6DB7-45F3-B626-513FA4CBC091} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-07-17] (LENOVO -> Lenovo)
Task: {CB5461D8-35B3-44DC-BD82-68D7EFCE8E99} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {DF54C431-3984-458E-B279-D978C1A353C0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1D29B8-3DBB-4871-9E26-06CF696438C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {F39046F2-71AB-404E-AD34-11E1EF8AD3E8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {F39046F2-71AB-404E-AD34-11E1EF8AD3E8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3793012919-2705438960-3369879477-1004" /ENABLE
Task: {F39046F2-71AB-404E-AD34-11E1EF8AD3E8} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {FE5E4B86-FA9B-4514-93A0-A4D3DD5BB21D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{0536420d-6f45-4c03-9f00-769e7f69022c}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{49ca41ff-aac6-4d4b-96eb-37e9914a09f3}: [DhcpNameServer] 169.254.73.172

Internet Explorer:
==================
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Kateřina\Downloads
Edge Notifications: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> hxxps://www.facebook.com; hxxps://www.arome.cz; hxxps://www.hamty.cz

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7278352 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-11-28] (Intel(R) pGFX -> Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-11-28] (Intel(R) pGFX -> Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-16] (Innovative Solutions Grup SRL -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3183440 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [91776 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35512 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [174712 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [224008 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [169408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [59368 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15792 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [211088 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41200 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [136752 2019-11-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [95168 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73312 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [691528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [394856 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [176760 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [277408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (WDKTestCert viedifw,130729818588344082 -> Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [129248 2019-01-23] (Malwarebytes Corporation -> Malwarebytes)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (WDKTestCert sys_dpebuild,130676845367974970 -> Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (WDKTestCert sys_dpebuild,130676845367974970 -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (WDKTestCert sys_dpebuild,130676858587893502 -> Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (WDKTestCert sys_dpebuild,130676858587893502 -> Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (WDKTestCert sys_dpebuild,130676845285008007 -> Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2018-12-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63760 2018-12-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [230120 2020-01-31] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [93416 2018-12-12] (Malwarebytes Corporation -> Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (WDKTestCert sys_dpebuild,130674149657513416 -> Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-10-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [123968 2016-05-25] (Power Software Limited -> Power Software Ltd)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [21920 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38488 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [266424 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-06-07 14:05 - 4950-06-07 14:05 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\yLAe.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____C (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2020-02-02 18:40 - 2020-02-02 18:42 - 000026733 ____C C:\Users\Kateřina\Desktop\FRST.txt
2020-02-02 18:38 - 2020-02-02 18:38 - 002008064 ____C (Farbar) C:\Users\Kateřina\Desktop\FRST.exe
2020-01-30 19:40 - 2020-01-30 19:40 - 000000000 ___HD C:\$GetCurrent
2020-01-09 18:36 - 2020-01-09 18:36 - 000602293 ____C C:\Users\Kateřina\Documents\Prohlášení poplatníka interaktivní formulář_new.pdf
2020-01-09 18:25 - 2020-01-09 18:25 - 000600766 ____C C:\Users\Kateřina\Desktop\Prohlášení poplatníka interaktivní formulář_KCV.pdf
2020-01-09 18:23 - 2020-01-09 18:23 - 000371216 ____C C:\Users\Kateřina\Desktop\Prohlášení poplatníka interaktivní formulář.pdf
2020-01-09 17:54 - 2020-01-09 17:54 - 000596818 ____C C:\Users\Kateřina\Desktop\Prohlášení_poplatníka_2018_interaktivní_formulář_prázdný_02.01.2019.pdf
2020-01-09 16:23 - 2020-01-09 16:23 - 001573393 ____C C:\Users\Kateřina\Desktop\KCV.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-02 18:43 - 2018-08-01 12:54 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3793012919-2705438960-3369879477-1004
2020-02-02 18:43 - 2018-08-01 12:54 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-02-02 18:43 - 2018-08-01 12:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-02-02 18:41 - 2018-11-26 17:56 - 000000000 ____D C:\FRST
2020-02-02 18:40 - 2018-04-11 21:31 - 000000000 ____D C:\WINDOWS\INF
2020-02-02 18:29 - 2018-04-11 21:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-02 18:28 - 2018-08-01 12:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-02 16:23 - 2018-12-12 17:58 - 000000000 ___DC C:\Users\Kateřina\Desktop\SKŘIVÁNEK
2020-02-02 16:10 - 2019-08-27 09:52 - 000000000 ____D C:\WINDOWS\Panther
2020-02-02 16:07 - 2018-08-01 12:15 - 000002381 ____C C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-02 16:07 - 2016-10-13 16:40 - 000000000 ___RD C:\Users\Kateřina\OneDrive
2020-02-02 16:01 - 2016-10-13 16:37 - 000000000 __SHD C:\Users\Kateřina\IntelGraphicsProfiles
2020-01-31 16:54 - 2018-08-01 12:15 - 000000000 ____D C:\Users\Kateřina
2020-01-31 13:33 - 2018-08-01 12:36 - 002322486 _____ C:\WINDOWS\system32\perfh005.dat
2020-01-31 13:33 - 2018-08-01 12:36 - 000664618 _____ C:\WINDOWS\system32\perfc005.dat
2020-01-31 13:33 - 2018-08-01 12:30 - 000005680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-31 13:33 - 2017-10-22 17:48 - 001104638 _____ C:\WINDOWS\system32\perfh01B.dat
2020-01-31 13:33 - 2017-10-22 17:48 - 000931338 _____ C:\WINDOWS\system32\perfc01B.dat
2020-01-31 13:29 - 2019-12-13 15:12 - 000230120 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-31 13:28 - 2018-08-01 12:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-31 10:59 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-30 19:52 - 2018-04-11 21:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-30 19:38 - 2019-08-21 10:06 - 000000000 ____D C:\Windows10Upgrade
2020-01-30 19:38 - 2018-01-23 14:41 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník s aktualizací Windows 10.lnk
2020-01-30 19:38 - 2018-01-23 14:41 - 000000802 ____C C:\Users\Kateřina\Desktop\Pomocník s aktualizací Windows 10.lnk
2020-01-28 13:51 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-27 16:33 - 2018-04-11 21:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-27 16:29 - 2015-11-29 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-27 16:27 - 2018-12-17 18:42 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-23 13:23 - 2019-03-19 09:04 - 000000000 ___HD C:\$WINDOWS.~BT
2020-01-22 14:02 - 2018-08-01 13:10 - 000000000 ___DC C:\Users\Kateřina\AppData\Local\PlaceholderTileLogoFolder
2020-01-22 14:02 - 2018-01-26 12:17 - 000000000 ___DC C:\Users\Kateřina\AppData\Local\Packages
2020-01-15 16:33 - 2016-10-14 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-15 16:29 - 2016-10-14 22:19 - 117005720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-09 16:29 - 2016-10-28 22:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-01-03 12:52 - 2019-12-06 10:23 - 000000000 ____D C:\Program Files\CUAssistant

==================== Files in the root of some directories ========

2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ () C:\Program Files\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 ____C () C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 ____C () C:\Users\Kateřina\AppData\Roaming\Microsoft\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____C (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 ____C () C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 ____C () C:\Users\Kateřina\AppData\Local\installer.dat
2018-10-09 16:24 - 2018-10-09 16:24 - 000000003 ____C () C:\Users\Kateřina\AppData\Local\wbem.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-02-2020 02
Ran by Kateřina (02-02-2020 18:43:59)
Running from C:\Users\Kateřina\Desktop
Microsoft Windows 10 Home Version 1803 17134.885 (X86) (2018-08-01 11:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793012919-2705438960-3369879477-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3793012919-2705438960-3369879477-503 - Limited - Disabled)
Guest (S-1-5-21-3793012919-2705438960-3369879477-501 - Limited - Disabled)
Kateřina (S-1-5-21-3793012919-2705438960-3369879477-1004 - Administrator - Enabled) => C:\Users\Kateřina
kcver (S-1-5-21-3793012919-2705438960-3369879477-1002 - Administrator - Enabled) => C:\Users\kcver
WDAGUtilityAccount (S-1-5-21-3793012919-2705438960-3369879477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.24.0.100 - Innovative Solutions)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\InstallShield_{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Free YouTube Downloader 4.2.754 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
iTunes (HKLM\...\{BCE6D6D6-42B5-4ABF-A44F-8EDF41F862D2}) (Version: 12.9.2.6 - Apple Inc.)
Lenovo Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.12325.20344 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 CSY (HKLM\...\{E8BEDB28-151D-465C-9BE0-F6EB930A629C}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
PowerISO (HKLM\...\PowerISO) (Version: 6.6 - Power Software Ltd)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.224135 - TeamViewer)
UpdateAssistant (HKLM\...\{A8CB3AA1-4ED7-4E95-BA0A-3DC927739A0E}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Webshare uploader (HKLM\...\WebshareDLC) (Version: - Webshare)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)

Packages:
=========
8 Zip Lite - unpack RAR, ZIP, 7z for free -> C:\Program Files\WindowsApps\BooStudioLLC.8ZipLite_1.2.150.0_x86__b6e429xa66pga [2018-06-27] (Finebits OÜ) [MS Ad]
Adobe Photoshop Express: Editor obrazů, úpravy, filtry, efekty, okraje -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.0.316.0_x86__ynb6jyjzte8ga [2019-05-27] (Adobe Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.156.300.0_x86__kgqvnymyfvs32 [2020-01-29] (king.com)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-07-30] (Instagram)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2020-01-22] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Průvodce pro telefon -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x86__8wekyb3d8bbwe [2018-02-15] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x86__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x86__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-20] (Microsoft Corporation) [MS Ad]
Photo Watermark - Add Watermark to Photos, Add Timestamps -> C:\Program Files\WindowsApps\12176PicturePerfectApps.PhotoWatermark-AddWatermar_1.1.4.0_x86__e40414p8savay [2019-01-21] (Picture Perfect Apps) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-11-29 13:05 - 2015-06-09 03:20 - 000045056 _____ () [File not signed] C:\Windows\3NOD\hidhook.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2019-01-04 09:07 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{686A5B0F-72AE-4887-BA1C-7C5538C8EE2E}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{CE4E4021-A8EF-4D73-8D6D-0EDEF241C821}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{9797F135-393E-49F2-8549-E8A23C9BCB19}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{4506DF19-34C4-467F-A305-81241F34E03A}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{B2FB42EF-2792-41CE-BD13-CDAA2FC378AD}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{DC6EC7A9-76AA-4DE7-B37A-99D8BEADE131}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{CFEE2A02-79F0-460A-8D4A-B066C0CBFA58}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{C764E5CB-BE9B-4773-B4EC-0E7F1FA35F36}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{C5E3EA69-45DA-4F21-A67C-8456ED7BB907}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{572802B3-417F-4E13-9657-9CA79E80BFF0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{979F9B6C-558F-46EE-AE0F-5463053A2D36}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A714F5E9-EE96-446D-AC7C-86590FA12403}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E205A33B-2E3C-403B-8389-D5CE2D53C1EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93E1560C-848B-4C14-AAB3-8500AECAAE00}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF666A0C-FCBB-4354-AF19-ACD86FC71623}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{79BB3168-0940-4AF9-952E-24AAB607905A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D7247124-9FA0-46AC-B243-13F98BA40EA5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6704B659-10E2-4E72-B184-60677C1C27A4}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:56.99 GB) (Free:3.23 GB) (6%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2020 06:38:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 06:38:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 04:34:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 04:34:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 04:34:17 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (02/02/2020 04:24:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 04:24:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 04:09:34 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/02/2020 06:42:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 11krát.

Error: (02/02/2020 06:40:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 10krát.

Error: (02/02/2020 06:38:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 9krát.

Error: (02/02/2020 04:59:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 8krát.

Error: (02/02/2020 04:58:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2020 04:58:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 7krát.

Error: (02/02/2020 04:34:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 6krát.

Error: (02/02/2020 04:33:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_9b672c byla neočekávaně ukončena. Tento stav nastal již 5krát.


Windows Defender:
===================================
Date: 2018-12-11 14:56:04.306
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Program:Win32/Unwaders.C!ml
ID: 242874
Závažnost: Závažná
Kategorie: Potenciálne nežiaduci softvér
Cesta: file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\072344\urlmon.7z; file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\352334\urlmon.7z; file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\502221\urlmon.7z
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.922
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.580
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.035
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:13.615
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-09 15:07:25.037
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.132.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2020-02-02 16:01:49.784
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 19:09:08.550
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 14:17:46.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 13:49:08.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-28 15:02:38.301
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-27 16:24:12.214
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-26 15:21:07.605
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-22 13:38:37.603
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO E2CN15WW 09/12/2018
Motherboard: LENOVO Aristotle 11.6
Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 90%
Total physical RAM: 1977.13 MB
Available physical RAM: 194.34 MB
Total Virtual: 5518.38 MB
Available Virtual: 599.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:56.99 GB) (Free:3.24 GB) NTFS

\\?\Volume{9c76ee76-6bb3-4f5a-993b-b448b6702264}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{e1359a58-b0db-4cbb-9fd5-0160589ee3ed}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 049CE56E)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my e-mail is sending spam

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, simply start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.

LadyKate
Visitor
Posts: 114
Joined: 04 Aug 2010 14:30

Re: Please check my log, my e-mail is sending spam

#3 Post by LadyKate »

Several logs were generated; I am attaching them:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-26-2018
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 152
# Failed: 4


***** [ Services ] *****

Deleted CRMSvc

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\Kateřina\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files\Microleaves
Deleted C:\Users\Kateřina\AppData\Roaming\Microleaves
Deleted C:\ProgramData\ACFF3714-65E5-0
Deleted C:\ProgramData\ACFF3714-4DB5-1
Deleted C:\ProgramData\68CFF4DA-5D31-1
Deleted C:\ProgramData\68CFF4DA-3037-0
Deleted C:\Program Files\OLBPre
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Deleted C:\Program Files\DriverToolkit
Deleted C:\Users\Kateřina\AppData\Local\DriverToolkit
Deleted C:\ProgramData\Quoteex
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\Temp\Smartbar

***** [ Files ] *****

Deleted C:\Users\Kateřina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
Deleted C:\Users\Public\Desktop\Free YouTube Downloader.lnk
Deleted C:\Users\Kateřina\Desktop\DriverToolkitInstaller.exe
Deleted C:\Users\Public\Desktop\DriverToolkit.lnk
Deleted C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted C:\Users\Kateřina\appdata\local\installationconfiguration.xml
Deleted C:\Users\Kateřina\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\System32\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\PSV_ZOTZAP
Deleted C:\Windows\System32\Tasks\PSV_QUOTETOUGH
Deleted C:\Windows\System32\Tasks\PSV_LATFAX
Deleted C:\Windows\System32\Tasks\PSV_HOTZIMIT
Deleted C:\Windows\System32\Tasks\PSV_BLACKCORE
Deleted C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
Deleted C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN
Deleted C:\Windows\System32\Tasks_Migrated\DRIVERTOOLKIT AUTORUN
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
Deleted C:\Windows\System32\Tasks\LaunchPreSignup

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\mtQuoteex
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\BioDubhold.dll"
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8
Deleted HKLM\Software\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zotzap
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Quotetough
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Latfax
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Hotzimit
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Blackcore
Deleted HKCU\Software\FastDataX
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Deleted HKCU\Software\DriverToolkit
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419D4C1B-61B0-48D8-B59D-FE781B5A8772}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B112B29-99A9-4A59-988B-A1E24AD55773}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B112B29-99A9-4A59-988B-A1E24AD55773}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\zpovednice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\alternativnicentrum.webnode.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\zpovednice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\alternativnicentrum.webnode.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
Deleted HKCU\Software\One System Care
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-flash-drive-data-recovery.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\netstumbler.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easy-disk-drive-repair.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-flash-drive-data-recovery.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\netstumbler.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easy-disk-drive-repair.en.softonic.com
Deleted HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
Deleted HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
Deleted HKLM\Software\Classes\MailSearch.MailSearchBandObject
Deleted HKLM\Software\Classes\MailSearch.Installer
Deleted HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [21824 octets] - [26/11/2018 18:46:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2020
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 9
# Failed: 4


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Kateřina\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babylonie.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babylonie.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babylonie.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babylonie.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easy-disk-drive-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-flash-drive-data-recovery.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easy-disk-drive-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-flash-drive-data-recovery.en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [21824 octets] - [26/11/2018 18:46:14]
AdwCleaner[C00].txt - [19187 octets] - [26/11/2018 18:46:37]
AdwCleaner[S01].txt - [4466 octets] - [02/02/2020 18:59:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-26-2018
# Duration: 00:01:06
# OS: Windows 10 Home
# Scanned: 32104
# Detected: 156


***** [ Services ] *****

Adware.Agent CRMSvc

***** [ Folders ] *****

Adware.Agent C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Adware.Agent C:\Users\Kateřina\AppData\Roaming\CRMSvc
Adware.Linkury C:\ProgramData\Quoteexs
Adware.Linkury C:\ProgramData\Logic Cramble
Adware.OnlineIO C:\Program Files\Microleaves
Adware.OnlineIO C:\Users\Kateřina\AppData\Roaming\Microleaves
PUP.Adware.Heuristic C:\ProgramData\ACFF3714-65E5-0
PUP.Adware.Heuristic C:\ProgramData\ACFF3714-4DB5-1
PUP.Adware.Heuristic C:\ProgramData\68CFF4DA-5D31-1
PUP.Adware.Heuristic C:\ProgramData\68CFF4DA-3037-0
PUP.Optional.Legacy C:\Program Files\OLBPre
PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
PUP.Optional.Legacy C:\Program Files\DriverToolkit
PUP.Optional.Legacy C:\Users\Kateřina\AppData\Local\DriverToolkit
PUP.Optional.Linkury.ACMB1 C:\ProgramData\Quoteex
PUP.Optional.OnlineIO C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.SmartBar C:\Windows\Temp\Smartbar

***** [ Files ] *****

PUP.Optional.BestYouTubeDownloader C:\Users\Kateřina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
PUP.Optional.BestYouTubeDownloader C:\Users\Public\Desktop\Free YouTube Downloader.lnk
PUP.Optional.DriverToolkit C:\Users\Kateřina\Desktop\DriverToolkitInstaller.exe
PUP.Optional.DriverToolkit C:\Users\Public\Desktop\DriverToolkit.lnk
PUP.Optional.Legacy C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
PUP.Optional.Legacy C:\Users\Kateřina\appdata\local\installationconfiguration.xml
PUP.Optional.Legacy C:\Users\Kateřina\AppData\Local\Main.dat
PUP.Optional.OnlineIO C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.YesSearches C:\Windows\System32\findit.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

Adware.OnlineIO C:\Windows\Tasks\Online Application V2G5.job
Adware.OnlineIO C:\Windows\System32\Tasks\Online Application V2G5
Adware.OnlineIO C:\Windows\Tasks\Online Application V2G4.job
Adware.OnlineIO C:\Windows\System32\Tasks\Online Application V2G4
Adware.OnlineIO C:\Windows\Tasks\Online Application V2G6.job
Adware.OnlineIO C:\Windows\System32\Tasks\Online Application V2G6
PUP.Adware.Heuristic C:\Windows\System32\Tasks\PSV_ZOTZAP
PUP.Adware.Heuristic C:\Windows\System32\Tasks\PSV_QUOTETOUGH
PUP.Adware.Heuristic C:\Windows\System32\Tasks\PSV_LATFAX
PUP.Adware.Heuristic C:\Windows\System32\Tasks\PSV_HOTZIMIT
PUP.Adware.Heuristic C:\Windows\System32\Tasks\PSV_BLACKCORE
PUP.Optional.Legacy C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
PUP.Optional.Legacy C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN
PUP.Optional.Legacy C:\Windows\System32\Tasks_Migrated\DRIVERTOOLKIT AUTORUN
PUP.Optional.Legacy C:\Windows\Tasks\Online Application V2G2.job
PUP.Optional.Legacy C:\Windows\System32\Tasks\Online Application V2G2
PUP.Optional.Legacy C:\Windows\Tasks\Online Application V2G3.job
PUP.Optional.Legacy C:\Windows\System32\Tasks\Online Application V2G3
PUP.Optional.Legacy C:\Windows\Tasks\Online Application V2G1.job
PUP.Optional.Legacy C:\Windows\System32\Tasks\Online Application V2G1
PUP.Optional.Microleaves C:\Windows\Tasks\Updater_Online_Application.job
PUP.Optional.Microleaves C:\Windows\System32\Tasks\Updater_Online_Application
PUP.Optional.MyPCBackup C:\Windows\System32\Tasks\LaunchPreSignup

***** [ Registry ] *****

Adware.Agent HKLM\Software\CRMSvc
Adware.Agent HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Adware.DNSUnlocker HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Adware.ICLoader HKLM\Software\MICROSOFT\TechnologyDesktopnew
Adware.ICLoader HKLM\SOFTWARE\MICROSOFT\Speedycar
Adware.Linkury HKLM\Software\mtQuoteex
Adware.Linkury HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Adware.Linkury HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\BioDubhold.dll"
Adware.NeoBar HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8
Adware.OnlineIO HKLM\Software\Microleaves
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Adware.OnlineIO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zotzap
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Quotetough
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Latfax
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Hotzimit
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
PUP.Adware.Heuristic HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Blackcore
PUP.Optional.FastDataX HKCU\Software\FastDataX
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
PUP.Optional.Legacy HKCU\Software\DriverToolkit
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419D4C1B-61B0-48D8-B59D-FE781B5A8772}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B112B29-99A9-4A59-988B-A1E24AD55773}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B112B29-99A9-4A59-988B-A1E24AD55773}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\zpovednice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.levneucebnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ceskaklavesnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\levneucebnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ceskaklavesnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\alternativnicentrum.webnode.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\zpovednice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.levneucebnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ceskaklavesnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\levneucebnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ceskaklavesnice.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\alternativnicentrum.webnode.cz
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch
PUP.Optional.Linkury HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.Microleaves HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
PUP.Optional.Microleaves HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
PUP.Optional.Microleaves HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
PUP.Optional.MyPCBackup HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
PUP.Optional.OneSystemCare HKCU\Software\One System Care
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-repair.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-flash-drive-data-recovery.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\netstumbler.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easy-disk-drive-repair.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-repair.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-flash-drive-data-recovery.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\netstumbler.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easy-disk-drive-repair.en.softonic.com
PUP.Optional.WhiteClick HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
PUP.Optional.WhiteClick HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
PUP.Optional.WhiteClick HKLM\Software\Classes\MailSearch.MailSearchBandObject
PUP.Optional.WhiteClick HKLM\Software\Classes\MailSearch.Installer
PUP.Optional.WhiteClick HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-02-2020
# Duration: 00:01:11
# OS: Windows 10 Home
# Scanned: 34824
# Detected: 14


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Seznam.cz C:\Users\Kateřina\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Babylon HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babylonie.cz
PUP.Optional.Babylon HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babylonie.cz
PUP.Optional.Babylon HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babylonie.cz
PUP.Optional.Babylon HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babylonie.cz
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easy-disk-drive-repair.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-flash-drive-data-recovery.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easy-disk-drive-repair.en.softonic.com
PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-flash-drive-data-recovery.en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoSolutionCenter Folder C:\Program Files\LENOVO\LENOVO SOLUTION CENTER


AdwCleaner[S00].txt - [21824 octets] - [26/11/2018 18:46:14]
AdwCleaner[C00].txt - [19187 octets] - [26/11/2018 18:46:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Rudy
Site Admin
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my email is sending spam

#4 Post by Rudy »

OK. Post new FRST+Addition logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

LadyKate
Visitor
Visitor
Posts: 114
Registered: 04 Aug 2010 14:30

Re: Please check my log, my email is sending spam

#5 Post by LadyKate »

Hello,

thank you, and here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2020 02
Ran by Kateřina (administrator) on LAPTOP-LMBQQVTN (LENOVO 80R2) (03-02-2020 11:10:50)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Platform: Microsoft Windows 10 Home Version 1803 17134.885 (X86) Language: Slovenština (Slovensko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(3NOD) [File not signed] C:\Windows\3NOD\Lenovokb.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Realtek Semiconductor Corp -> ) C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [3nodkey] => C:\Windows\3NOD\LenovoKB.exe [6416384 2015-08-12] (3NOD) [File not signed]
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3173840 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-05-25] (Power Software Limited -> Power Software Ltd)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [266552 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [Easy Disk Drive Repair] => C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [483328 2015-01-17] (Zeatron Software) [File not signed]
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24C6AD8D-F43B-4846-B9D2-7DD8483291DF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {302231E7-C058-4190-A0E8-6117E2BAF219} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-17] (LENOVO -> Lenovo)
Task: {42A961D9-CEFA-4D98-987A-7339498B7611} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-07-17] (LENOVO -> Lenovo)
Task: {446DB129-8C88-404C-A5D8-D80235E8C7EE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {659F8A49-4B8D-4807-B1B5-FADF80AA29D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6CF3372F-88CA-4AA4-BF9D-EB3FAF42E2B6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1439104 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DCD6F2A-5C33-4871-B76D-E0CF6A2E2F72} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9403328 2015-07-17] (LENOVO -> )
Task: {6F3AF377-953E-43AE-B0C2-A9CF668F586B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {7E3E8B64-6253-4D91-AE61-76AA219AFB2C} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Kateřina\Desktop\AdwCleaner.exe [8356016 2020-02-02] (Malwarebytes Inc -> Malwarebytes)
Task: {8CB5701B-E1B0-4329-88B8-C5E728D936DD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {90AA0BCA-EE84-4A3B-BF39-7BAA0100F20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9B94587F-53A2-4D48-8CC2-DD9B7D67BD36} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18932504 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {A821710D-C0CD-4F7B-A122-1CEE3BBED03A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB224C74-AD57-49BB-8DE5-36F634B12460} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [18937944 2018-10-16] (Innovative Solutions Grup SRL -> Innovative Solutions GRUP SRL)
Task: {B2198A60-F972-4207-AD76-690EDFC0180E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9403328 2015-07-17] (LENOVO -> )
Task: {B35AA63A-7209-41CB-B513-F938283BEE73} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {C07FACDF-34F1-4123-9903-54A72E56B111} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18932504 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2BC506F-6DB7-45F3-B626-513FA4CBC091} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-07-17] (LENOVO -> Lenovo)
Task: {CB5461D8-35B3-44DC-BD82-68D7EFCE8E99} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {DF54C431-3984-458E-B279-D978C1A353C0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1376144 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA1D29B8-3DBB-4871-9E26-06CF696438C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {FE5E4B86-FA9B-4514-93A0-A4D3DD5BB21D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{0536420d-6f45-4c03-9f00-769e7f69022c}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{49ca41ff-aac6-4d4b-96eb-37e9914a09f3}: [DhcpNameServer] 169.254.73.172

Internet Explorer:
==================
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Kateřina\Downloads
Edge Notifications: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> hxxps://www.facebook.com; hxxps://www.arome.cz; hxxps://www.hamty.cz

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] (Realtek Semiconductor Corp -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7278352 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-11-28] (Intel(R) pGFX -> Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-29] (Intel Corporation - pGFX -> Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-11-28] (Intel(R) pGFX -> Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-16] (Innovative Solutions Grup SRL -> )
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3183440 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [91776 2018-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35512 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [174712 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [224008 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [169408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [59368 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15792 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [211088 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41200 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [136752 2019-11-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [95168 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [73312 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [691528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [394856 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [176760 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [277408 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (WDKTestCert viedifw,130729818588344082 -> Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [129248 2019-01-23] (Malwarebytes Corporation -> Malwarebytes)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (WDKTestCert sys_dpebuild,130676845367974970 -> Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (WDKTestCert sys_dpebuild,130676845367974970 -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (WDKTestCert sys_dpebuild,130676858587893502 -> Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (WDKTestCert sys_dpebuild,130676858587893502 -> Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (WDKTestCert sys_dpebuild,130676845285008007 -> Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel(R) Wireless Display -> Intel Corporation)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [106144 2018-12-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63760 2018-12-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [230120 2020-02-02] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [93416 2018-12-12] (Malwarebytes Corporation -> Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel(R) Baytrail Wintablet -> Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (WDKTestCert sys_dpebuild,130674149657513416 -> Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-10-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [123968 2016-05-25] (Power Software Limited -> Power Software Ltd)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [21920 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38488 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [266424 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-12-10] (Microsoft Windows -> Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-06-07 14:05 - 4950-06-07 14:05 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\yLAe.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____C (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2020-02-02 19:02 - 2020-02-02 19:02 - 000230120 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-02-02 19:01 - 2020-02-02 19:55 - 000002338 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2020-02-02 18:55 - 2020-02-02 18:55 - 008356016 ____C (Malwarebytes) C:\Users\Kateřina\Desktop\AdwCleaner.exe
2020-02-02 18:43 - 2020-02-02 18:53 - 000037018 ____C C:\Users\Kateřina\Desktop\Addition.txt
2020-02-02 18:40 - 2020-02-03 11:12 - 000024377 ____C C:\Users\Kateřina\Desktop\FRST.txt
2020-02-02 18:38 - 2020-02-02 18:38 - 002008064 ____C (Farbar) C:\Users\Kateřina\Desktop\FRST.exe
2020-01-30 19:40 - 2020-01-30 19:40 - 000000000 ___HD C:\$GetCurrent
2020-01-09 18:36 - 2020-01-09 18:36 - 000602293 ____C C:\Users\Kateřina\Documents\Prohlášení poplatníka interaktivní formulář_new.pdf
2020-01-09 18:25 - 2020-01-09 18:25 - 000600766 ____C C:\Users\Kateřina\Desktop\Prohlášení poplatníka interaktivní formulář_KCV.pdf
2020-01-09 18:23 - 2020-01-09 18:23 - 000371216 ____C C:\Users\Kateřina\Desktop\Prohlášení poplatníka interaktivní formulář.pdf
2020-01-09 17:54 - 2020-01-09 17:54 - 000596818 ____C C:\Users\Kateřina\Desktop\Prohlášení_poplatníka_2018_interaktivní_formulář_prázdný_02.01.2019.pdf
2020-01-09 16:23 - 2020-01-09 16:23 - 001573393 ____C C:\Users\Kateřina\Desktop\KCV.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-03 11:12 - 2018-11-26 17:56 - 000000000 ____D C:\FRST
2020-02-03 11:09 - 2016-10-13 16:40 - 000000000 ___RD C:\Users\Kateřina\OneDrive
2020-02-03 11:08 - 2016-10-13 16:37 - 000000000 __SHD C:\Users\Kateřina\IntelGraphicsProfiles
2020-02-02 19:55 - 2018-08-01 12:54 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3793012919-2705438960-3369879477-1004
2020-02-02 19:55 - 2018-08-01 12:54 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-02-02 19:55 - 2018-08-01 12:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-02-02 19:39 - 2018-08-01 12:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-02 19:22 - 2018-04-11 21:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-02 19:06 - 2018-08-01 12:36 - 002338858 _____ C:\WINDOWS\system32\perfh005.dat
2020-02-02 19:06 - 2018-08-01 12:36 - 000669914 _____ C:\WINDOWS\system32\perfc005.dat
2020-02-02 19:06 - 2018-08-01 12:30 - 000005680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-02 19:06 - 2017-10-22 17:48 - 001110690 _____ C:\WINDOWS\system32\perfh01B.dat
2020-02-02 19:06 - 2017-10-22 17:48 - 000936500 _____ C:\WINDOWS\system32\perfc01B.dat
2020-02-02 19:02 - 2018-08-01 12:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-02 19:01 - 2018-04-11 13:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-02-02 18:40 - 2018-04-11 21:31 - 000000000 ____D C:\WINDOWS\INF
2020-02-02 16:23 - 2018-12-12 17:58 - 000000000 ___DC C:\Users\Kateřina\Desktop\SKŘIVÁNEK
2020-02-02 16:10 - 2019-08-27 09:52 - 000000000 ____D C:\WINDOWS\Panther
2020-02-02 16:07 - 2018-08-01 12:15 - 000002381 ____C C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-31 16:54 - 2018-08-01 12:15 - 000000000 ____D C:\Users\Kateřina
2020-01-31 10:59 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-30 19:52 - 2018-04-11 21:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-30 19:38 - 2019-08-21 10:06 - 000000000 ____D C:\Windows10Upgrade
2020-01-30 19:38 - 2018-01-23 14:41 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník s aktualizací Windows 10.lnk
2020-01-30 19:38 - 2018-01-23 14:41 - 000000802 ____C C:\Users\Kateřina\Desktop\Pomocník s aktualizací Windows 10.lnk
2020-01-28 13:51 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-27 16:33 - 2018-04-11 21:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-27 16:29 - 2015-11-29 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2020-01-27 16:27 - 2018-12-17 18:42 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-23 13:23 - 2019-03-19 09:04 - 000000000 ___HD C:\$WINDOWS.~BT
2020-01-22 14:02 - 2018-08-01 13:10 - 000000000 ___DC C:\Users\Kateřina\AppData\Local\PlaceholderTileLogoFolder
2020-01-22 14:02 - 2018-01-26 12:17 - 000000000 ___DC C:\Users\Kateřina\AppData\Local\Packages
2020-01-15 16:33 - 2016-10-14 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-15 16:29 - 2016-10-14 22:19 - 117005720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-09 16:29 - 2016-10-28 22:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ () C:\Program Files\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 ____C () C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 ____C () C:\Users\Kateřina\AppData\Roaming\Microsoft\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____C (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 ____C () C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 ____C () C:\Users\Kateřina\AppData\Local\installer.dat
2018-10-09 16:24 - 2018-10-09 16:24 - 000000003 ____C () C:\Users\Kateřina\AppData\Local\wbem.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-02-2020 02
Ran by Kateřina (03-02-2020 11:14:19)
Running from C:\Users\Kateřina\Desktop
Microsoft Windows 10 Home Version 1803 17134.885 (X86) (2018-08-01 11:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793012919-2705438960-3369879477-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3793012919-2705438960-3369879477-503 - Limited - Disabled)
Guest (S-1-5-21-3793012919-2705438960-3369879477-501 - Limited - Disabled)
Kateřina (S-1-5-21-3793012919-2705438960-3369879477-1004 - Administrator - Enabled) => C:\Users\Kateřina
kcver (S-1-5-21-3793012919-2705438960-3369879477-1002 - Administrator - Enabled) => C:\Users\kcver
WDAGUtilityAccount (S-1-5-21-3793012919-2705438960-3369879477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.24.0.100 - Innovative Solutions)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\InstallShield_{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Free YouTube Downloader 4.2.754 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
iTunes (HKLM\...\{BCE6D6D6-42B5-4ABF-A44F-8EDF41F862D2}) (Version: 12.9.2.6 - Apple Inc.)
Lenovo Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.12325.20344 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 CSY (HKLM\...\{E8BEDB28-151D-465C-9BE0-F6EB930A629C}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
PowerISO (HKLM\...\PowerISO) (Version: 6.6 - Power Software Ltd)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.224135 - TeamViewer)
UpdateAssistant (HKLM\...\{A8CB3AA1-4ED7-4E95-BA0A-3DC927739A0E}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Webshare uploader (HKLM\...\WebshareDLC) (Version: - Webshare)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)

Packages:
=========
8 Zip Lite - unpack RAR, ZIP, 7z for free -> C:\Program Files\WindowsApps\BooStudioLLC.8ZipLite_1.2.150.0_x86__b6e429xa66pga [2018-06-27] (Finebits OÜ) [MS Ad]
Adobe Photoshop Express: Editor obrazů, úpravy, filtry, efekty, okraje -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.0.316.0_x86__ynb6jyjzte8ga [2019-05-27] (Adobe Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.156.300.0_x86__kgqvnymyfvs32 [2020-01-29] (king.com)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-07-30] (Instagram)
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2020-01-22] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Průvodce pro telefon -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x86__8wekyb3d8bbwe [2018-02-15] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x86__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x86__8wekyb3d8bbwe [2019-12-20] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x86__8wekyb3d8bbwe [2020-01-20] (Microsoft Corporation) [MS Ad]
Photo Watermark - Add Watermark to Photos, Add Timestamps -> C:\Program Files\WindowsApps\12176PicturePerfectApps.PhotoWatermark-AddWatermar_1.1.4.0_x86__e40414p8savay [2019-01-21] (Picture Perfect Apps) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Limited -> Power Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-11-29 13:05 - 2015-06-09 03:20 - 000045056 _____ () [File not signed] C:\Windows\3NOD\hidhook.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-01-23 20:52 - 2019-01-23 20:51 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-11-27 13:25 - 2019-01-23 20:51 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2019-01-04 09:07 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{686A5B0F-72AE-4887-BA1C-7C5538C8EE2E}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{CE4E4021-A8EF-4D73-8D6D-0EDEF241C821}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{9797F135-393E-49F2-8549-E8A23C9BCB19}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{4506DF19-34C4-467F-A305-81241F34E03A}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{B2FB42EF-2792-41CE-BD13-CDAA2FC378AD}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{DC6EC7A9-76AA-4DE7-B37A-99D8BEADE131}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{CFEE2A02-79F0-460A-8D4A-B066C0CBFA58}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{C764E5CB-BE9B-4773-B4EC-0E7F1FA35F36}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{C5E3EA69-45DA-4F21-A67C-8456ED7BB907}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe (Ghisler Software GmbH -> )
FirewallRules: [{572802B3-417F-4E13-9657-9CA79E80BFF0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{979F9B6C-558F-46EE-AE0F-5463053A2D36}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A714F5E9-EE96-446D-AC7C-86590FA12403}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E205A33B-2E3C-403B-8389-D5CE2D53C1EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93E1560C-848B-4C14-AAB3-8500AECAAE00}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF666A0C-FCBB-4354-AF19-ACD86FC71623}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{79BB3168-0940-4AF9-952E-24AAB607905A}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D7247124-9FA0-46AC-B243-13F98BA40EA5}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6704B659-10E2-4E72-B184-60677C1C27A4}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:56.99 GB) (Free:4.84 GB) (8%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/03/2020 11:14:28 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (02/03/2020 11:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/03/2020 11:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/02/2020 07:06:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/02/2020 07:06:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/02/2020 07:06:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/02/2020 07:06:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/02/2020 07:05:31 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263


System errors:
=============
Error: (02/03/2020 11:08:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/03/2020 11:08:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/03/2020 11:08:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/02/2020 07:53:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_44b94 byla neočekávaně ukončena. Tento stav nastal již 12krát.

Error: (02/02/2020 07:53:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_44b94 byla neočekávaně ukončena. Tento stav nastal již 11krát.

Error: (02/02/2020 07:52:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_44b94 byla neočekávaně ukončena. Tento stav nastal již 10krát.

Error: (02/02/2020 07:52:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_44b94 byla neočekávaně ukončena. Tento stav nastal již 9krát.

Error: (02/02/2020 07:51:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Používateľská služba zobrazovania oznámení vo Windowse_44b94 byla neočekávaně ukončena. Tento stav nastal již 8krát.


Windows Defender:
===================================
Date: 2018-12-11 14:56:04.306
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Program:Win32/Unwaders.C!ml
ID: 242874
Závažnost: Závažná
Kategorie: Potenciálne nežiaduci softvér
Cesta: file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\072344\urlmon.7z; file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\352334\urlmon.7z; file:_C:\Users\Kateřina\Favorites\Res.Center.ponse\502221\urlmon.7z
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.922
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.580
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:14.035
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 11:25:13.615
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Dexphot.A
ID: 2147730490
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\062124\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071214\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\071404\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\072314\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\081554\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\121934\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\401741\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Doctor Web.Sign\431134\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\022127\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061334\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061714\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\061904\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\062054\MSE.Engine.dll; file:_C:\Users\Kateřina\Favorites\Extended.Web\071524\MSE.Engine.dll; file:_C:\Users\Kate
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\Internet Explorer\iexplore.exe
Verze podpisu: AV: 1.283.303.0, AS: 1.283.303.0, NIS: 1.283.303.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-09 15:07:25.037
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.283.132.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15500.2
Kód chyby: 0x80240016
Popis chyby :Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2020-02-03 11:08:55.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-02 19:02:53.386
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-02 16:01:49.784
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 19:09:08.550
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 14:17:46.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-29 13:49:08.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-28 15:02:38.301
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-27 16:24:12.214
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO E2CN15WW 09/12/2018
Motherboard: LENOVO Aristotle 11.6
Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 90%
Total physical RAM: 1977.13 MB
Available physical RAM: 187.78 MB
Total Virtual: 3954.26 MB
Available Virtual: 606.36 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:56.99 GB) (Free:4.84 GB) NTFS

\\?\Volume{9c76ee76-6bb3-4f5a-993b-b448b6702264}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{e1359a58-b0db-4cbb-9fd5-0160589ee3ed}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 049CE56E)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my email is sending spam

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Program Files\Bonjour
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\WINDOWS\yLAe.exe
C:\Program Files\Common Files\eejei.exe
C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
C:\Users\Kateřina\Favorites\Res.Center.ponse\072344\urlmon.7z

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

LadyKate
Visitor
Posts: 114
Registered: 04 Aug 2010 14:30

Re: Please check my log, my email is sending spam

#7 Post by LadyKate »

It worked, I'm attaching the log:

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-02-2020 02
Ran by Kateřina (03-02-2020 14:56:40) Run:2
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Program Files\Bonjour
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\WINDOWS\yLAe.exe
C:\Program Files\Common Files\eejei.exe
C:\Users\Kate�ina\AppData\Local\ddfckuKVYuTeA.exe
AlternateDataStreams: C:\Users\Kate�ina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]
C:\Users\Kate�ina\Favorites\Res.Center.ponse\072344\urlmon.7z

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files\Bonjour => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
C:\WINDOWS\yLAe.exe => moved successfully
C:\Program Files\Common Files\eejei.exe => moved successfully
"C:\Users\Kate�ina\AppData\Local\ddfckuKVYuTeA.exe" => not found
"C:\Users\Kate�ina\OneDrive" => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS not found.
"C:\Users\Kate�ina\Favorites\Res.Center.ponse\072344\urlmon.7z" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 15228928 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95021435 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 5395272 B
Edge => 73567057 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 585548225 B
LocalService => 585565365 B
NetworkService => 585565365 B
kcver => 585565365 B
Kateřina => 622239227 B

RecycleBin => 3353645128 B
EmptyTemp: => 6.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:57:22 ====

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my email is sending spam

#8 Post by Rudy »

Deleted, the log is now OK. Check whether the problem has been resolved.

LadyKate
Visitor
Posts: 114
Registered: 04 Aug 2010 14:30

Re: Please check my log, my email is sending spam

#9 Post by LadyKate »

All right, thank you very much for the help. The laptop also seems to be faster, so I think it worked. What kind of virus was it, please?

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my email is sending spam

#10 Post by Rudy »

Various adware and junk. It should be faster; we removed more than 6 GB of temporary files. You're welcome! :-)

LadyKate
Visitor
Posts: 114
Registered: 04 Aug 2010 14:30

Re: Please check my log, my email is sending spam

#11 Post by LadyKate »

That's good :)

Thank you very much and have a nice evening.

Rudy
Site Admin
Posts: 118271
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log, my email is sending spam

#12 Post by Rudy »

OK. Glad to help! :)

Locked