
Request for a preventive check

Posted: 30 Dec 2018 19:29
by Martin.Horacek
Hi, first of all, thank you for checking my first computer, the work one. I had a bug on it, and because I installed the same application on my second computer, the family one, as well, could I ask you for one last check? There may be more to find here; this computer has been in use longer and is generally rather slow, and sometimes the mouse even freezes.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jitka (administrator) on NUNANEK (30-12-2018 19:25:21)
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka & (Available Profiles: Jitka & Martinek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe -update plugin
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
Startup: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-10-31]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{41A59794-3B20-4939-8067-FD0C09EEAFC0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C6CA0B8F-3621-4AA0-8BEB-F501692D4B67}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-16] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 [2018-12-30]
FF Session Restore: Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\sp@avast.com.xpi [2018-12-20]
FF Extension: (Avast Online Security) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\wrc@avast.com.xpi [2018-12-18]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-30] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-18] (McAfee, Inc.)
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2018-12-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2018-12-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2018-12-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2018-12-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2018-12-30] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-07] (Intel Corporation)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-18] (McAfee, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2015-08-30] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [418008 2015-08-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-07] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 19:25 - 2018-12-30 19:26 - 000033394 _____ C:\Users\Jitka\Desktop\FRST.txt
2018-12-30 19:25 - 2018-12-30 19:25 - 000000000 ____D C:\FRST
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Downloads\FRST64.exe
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Desktop\FRST64.exe
2018-12-30 19:21 - 2018-12-30 19:21 - 001781760 _____ (Farbar) C:\Users\Jitka\Downloads\FRST.exe
2018-12-29 09:03 - 2018-12-29 09:03 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-12-29 09:03 - 2018-12-29 09:03 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbam
2018-12-29 09:02 - 2018-12-30 19:18 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbamtray
2018-12-29 09:01 - 2018-12-29 09:01 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-29 09:01 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-29 08:53 - 2018-12-29 08:53 - 081227760 _____ (Malwarebytes ) C:\Users\Jitka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-18 16:14 - 2018-12-18 16:14 - 000291252 _____ C:\Users\Jitka\Downloads\formular-k-proplaceni-prispevku-2018-k-vyplneni-na-pc.pdf
2018-12-08 13:32 - 2018-12-22 18:42 - 000000000 ____D C:\Program Files\McAfee
2018-12-05 16:50 - 2018-12-05 16:50 - 000000000 ____D C:\Users\Jitka\AppData\Local\M-Photo_Ltd
2018-12-02 10:57 - 2018-12-28 16:58 - 000003162 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJitka
2018-12-02 10:57 - 2018-12-28 16:58 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 19:19 - 2014-01-13 19:23 - 000003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB2B1AE9-AB7B-42EC-B9FC-4B8FC7D703C8}
2018-12-28 13:36 - 2016-11-26 09:37 - 000000000 ____D C:\Users\Jitka\AppData\LocalLow\Mozilla
2018-12-28 13:28 - 2018-06-22 11:12 - 000004168 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-28 13:26 - 2013-12-03 11:00 - 001931582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-28 13:26 - 2013-09-30 04:56 - 000797830 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-28 13:26 - 2013-09-30 04:56 - 000181446 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-28 13:26 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-12-28 13:22 - 2018-06-22 11:15 - 000000000 ____D C:\Users\Jitka\AppData\Local\AVAST Software
2018-12-28 13:19 - 2013-12-03 11:04 - 000000000 ____D C:\Users\Jitka
2018-12-28 13:18 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-24 14:35 - 2013-11-14 21:35 - 000000000 ____D C:\Users\Jitka\AppData\Roaming\vlc
2018-12-22 18:42 - 2016-11-25 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-22 18:42 - 2013-11-14 21:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-22 18:42 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-12-22 11:18 - 2013-11-13 21:10 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-31 20:18 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-30 20:12 - 000002367 _____ C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-12-19 10:29 - 2013-11-14 21:15 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-18 21:29 - 2018-03-15 17:33 - 000000000 ____D C:\ProgramData\McAfee
2018-12-18 15:07 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-18 12:36 - 2013-06-20 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-17 19:54 - 2014-08-26 18:58 - 000000000 ____D C:\Users\Jitka\AppData\Local\CrashDumps
2018-12-17 15:12 - 2016-12-20 13:27 - 000000000 ____D C:\Users\Jitka\Downloads\Jitka veci
2018-12-17 14:47 - 2014-01-18 01:55 - 001489920 ___SH C:\Users\Jitka\Desktop\Thumbs.db
2018-12-06 16:11 - 2013-11-26 12:28 - 000000000 ____D C:\Users\Jitka\AppData\Local\HPConnectedMusic
2018-12-05 16:31 - 2018-11-23 14:13 - 000000000 ____D C:\CDSM
2018-12-04 21:01 - 2018-11-23 08:51 - 000000000 ____D C:\Users\Jitka\Desktop\foto na kalendar

==================== Files in the root of some directories =======

2018-05-10 09:48 - 2018-05-10 09:48 - 000003584 _____ () C:\Users\Jitka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2013-12-07 16:58 - 2008-10-15 11:42 - 000050432 _____ () C:\Users\Jitka\AppData\Local\Temp\Extract.exe
2014-10-25 10:35 - 2014-10-25 10:35 - 031600456 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
2015-02-20 16:42 - 2015-02-20 16:43 - 031598424 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-12 22:24 - 2015-10-22 01:08 - 000595656 _____ (Hewlett-Packard) C:\Users\Jitka\AppData\Local\Temp\HPSFUpdater.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 017983576 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63342.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 005785816 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63343.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 041827440 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63344.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 220937344 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63346.exe
2013-12-07 03:42 - 2013-12-07 03:42 - 154950016 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63353.exe
2015-08-07 20:02 - 2015-08-07 20:02 - 015335288 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63356.exe
2013-12-07 03:41 - 2013-12-07 03:41 - 006268704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63357.exe
2014-01-31 00:21 - 2014-01-31 00:21 - 007061320 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63599.exe
2013-12-07 04:04 - 2013-12-07 04:04 - 040444056 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP63945.exe
2014-03-08 21:10 - 2014-03-08 21:10 - 044799704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\sp64126.exe
2013-12-12 04:13 - 2013-12-12 04:13 - 015485512 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64571.exe
2014-01-24 00:04 - 2014-01-24 00:04 - 144653000 _____ (InstallShield Software Corporation ) C:\Users\Jitka\AppData\Local\Temp\SP64628.exe
2014-01-24 23:24 - 2014-01-24 23:24 - 110879968 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64740.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 110883336 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64741.exe
2014-01-17 02:12 - 2014-01-17 02:12 - 041675328 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64825.exe
2014-01-24 23:21 - 2014-01-24 23:21 - 050543536 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64854.exe
2014-01-30 04:55 - 2014-01-30 04:55 - 015545672 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64881.exe
2014-06-21 21:43 - 2014-06-21 21:43 - 118467640 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65782.exe
2014-05-03 00:02 - 2014-05-03 00:02 - 001684968 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP65792.exe
2014-06-05 22:04 - 2014-06-05 22:04 - 050965928 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65793.exe
2014-07-04 21:10 - 2014-07-04 21:10 - 002829368 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66604.exe
2014-06-29 00:56 - 2014-06-29 00:56 - 016320592 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66867.exe
2017-11-17 10:51 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Jitka\AppData\Local\Temp\TAInstaller.exe
2014-03-08 23:20 - 2015-09-28 09:36 - 000144912 _____ (Hewlett-Packard Company) C:\Users\Jitka\AppData\Local\Temp\UninstallHPSA.exe
2014-03-15 17:24 - 2014-03-15 17:24 - 024677393 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.1.3-win32.exe
2018-02-17 22:03 - 2018-02-17 22:03 - 030950664 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-12-28 18:21

==================== End of FRST.txt ============================

Re: Request for a preventive check

Posted: 30 Dec 2018 19:29
by Martin.Horacek
Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (30-12-2018 19:27:06)
Running from C:\Users\Jitka\Desktop
Windows 8.1 (Update) (X64) (2013-12-03 10:26:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-797450051-102285635-2811792732-500 - Administrator - Disabled)
Guest (S-1-5-21-797450051-102285635-2811792732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-797450051-102285635-2811792732-1006 - Limited - Enabled)
Jitka (S-1-5-21-797450051-102285635-2811792732-1001 - Administrator - Enabled) => C:\Users\Jitka
Martinek (S-1-5-21-797450051-102285635-2811792732-1004 - Limited - Enabled) => C:\Users\Martinek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDSM Designer (HKLM-x32\...\CDSM_CDSM Designer) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogaléria (HKLM-x32\...\{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Sound Recorder v10.8.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2016 FreeSoundRecorder Technologies, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\HPConnectedMusic) (Version: 1.1 (build 77) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.20721 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A035950F-15BA-41C0-9D8F-165FC0536012}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.00.0000 - Název společnosti:) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Ultimate ZIP Cracker Trial version (HKLM-x32\...\{76F0FEBD-6C17-4D57-0467-BC6FB1881E3C}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098B19FE-F2F1-42E1-89B9-FF542408A6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0AFE2162-0C85-41D0-9070-1E42375E4263} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {0C98148A-C710-450C-95B1-1F48A51E7150} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {1238D406-17A5-4F99-917B-C62C57F32F90} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-18] (Microsoft Corporation)
Task: {17DE64B5-D005-4F1C-846C-1DE436C5CFCA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {1E7FD0E3-3ECE-4C88-A3C8-3B61CC5565D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {360716CE-1A70-4CAF-8208-53A07B692B48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-07] (Synaptics Incorporated)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {52FF6AEC-CACD-4D35-8D0D-FB22E7D2C369} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {59DA1E1C-36E3-4434-8194-1447B7A067BA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {7C20A9D6-2ADD-4C36-B9FF-D57ADD054CB4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {812DEB94-39F1-4858-B9DF-E576D65C0FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {84E673BF-93A4-423B-A92F-A5F50DF1C887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {872B3DC3-D281-442C-A1FB-D4E15AF496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8CF8C6E9-E4F6-4E42-BCFE-FA3F68EEB6EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9043CB27-9BA8-4820-A6BC-AABC7019C551} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2014-10-29] (Microsoft Corporation)
Task: {A5E9CE25-AA16-4E2A-82EC-3F99038D84EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-18] (AVAST Software)
Task: {B61B9D5B-C53B-49C9-957B-B56465C8A1E2} - System32\Tasks\HPCeeScheduleForJitka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CE3BDDC4-0E16-4D9E-B74F-91B2C441CD06} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {D2D48F2A-20D7-4277-A578-979EF7EE4C03} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {D2D48F2A-20D7-4277-A578-979EF7EE4C03} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {DB140562-78A0-4514-BB7D-37040F1C8E22} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-21] (Adobe Systems Incorporated)
Task: {DCD18AA0-838B-4FEE-99AD-EFE3C6DCC19F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {E9E6527C-66B7-4434-8E48-EEF8DE4922E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {FCE4701E-7A70-4893-BE5F-AF2B997DC92C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-26 08:58 - 2017-07-26 08:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2013-10-03 23:42 - 2013-10-03 23:42 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-12-29 09:01 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-29 09:01 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-01-25 01:17 - 2013-08-05 08:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-06-22 11:14 - 2018-06-22 11:15 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 16:27 - 2018-11-23 16:27 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-12-07 16:58 - 2013-12-07 16:58 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-16 08:08 - 000000829 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program;C:\EDIABAS\Bin;
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9989C03C-9D85-4E5A-92CD-582D68F0F882}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp.)
FirewallRules: [{EE39D76B-9F85-4421-B2E7-6F1E7647B4FA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{61F6A81C-E996-40F4-A743-A93BF92B7000}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{0FB004B2-1EEE-40A3-A21B-1ED43D0620CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C4DC9D39-25A4-46E0-818C-69F6C80F3EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{4379404F-F8B4-4503-B41C-3C3AEDF38BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{05392FF0-265C-4593-BE2B-DFA26A77699C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C71D8C9E-DAD7-4EB0-9D3F-DE89ABBF7E50}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{F2CB17DE-93A4-42E6-9C3B-07A0B04D50D2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{A0A61349-D3A1-467E-B771-1D4CD135ADAA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{62273621-CE08-47B2-A8FC-7F5E0F1F8E2D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{4D2A3D82-E474-4155-A82D-6E557B9A9B73}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{3167D6E4-238B-4004-93DB-BC70E750E7AF}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{A4283898-7FFC-421C-90E3-F5B18C8CB31B}] => (Allow) LPort=1900
FirewallRules: [{80F79B04-DD2A-4957-9926-F271879F65C0}] => (Allow) LPort=2869
FirewallRules: [{12B4B1D8-E636-49CA-83CD-7AB65FD3F298}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{C569F568-1675-47FC-B8B2-0FE8289F2029}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{3799C7CF-AB39-4AF6-8C28-10AA2947DA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{48C715B9-0B64-4E16-9836-292A211F8A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{12E1CF8A-11C3-40F3-8318-D7114AB21561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [UDP Query User{0BC5DE52-0CC7-4ED3-8161-1AAFE1BAEEAD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [TCP Query User{B6543756-C604-474E-BF46-F69D47D86DA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{78D1D10B-657B-4083-A94A-DFD9D4E6AF8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{748F5C5D-F010-45A0-ABA9-4CD67CB3F1A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0BD76B8D-F884-4F06-B722-FBC828FB1A2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{E7E6F70F-A95B-40CE-99BE-54294BCF9D8D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{38620546-C658-4851-A8CA-F2F5AE860CC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{CE17E62E-E380-4057-8E1A-BE601965DB85}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{59808CA4-F84D-4824-A2CC-B6F6F25B450B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{C6AE6720-54D8-49AB-B809-2C1C14A0BF74}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{BE9EF2BA-AAC1-40BA-B901-9E09DE2263B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D389B404-48D1-4E7C-BF98-E54EB609A08D}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{0A87665E-01BE-4767-BE52-5942E1260C15}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{887A5699-216E-4689-80D6-0F22E2FAAD2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{40A4B9FB-90CB-4DC6-B717-AC30180988C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{5DCAC18A-A845-4E3E-BE2B-2994C3973142}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

13-12-2018 12:33:48 Naplánovaný kontrolní bod
23-12-2018 14:17:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2018 12:57:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (12/28/2018 10:09:51 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/28/2018 01:20:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (12/28/2018 01:20:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (12/28/2018 01:18:21 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Byl spuštěn systémový časovač sledovacího zařízení.

Error: (12/28/2018 01:18:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (13:13:16, ‎28. ‎12. ‎2018) bylo neočekávané.

Error: (12/28/2018 12:35:49 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/28/2018 12:35:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {752073A1-23F2-4396-85F0-8FDB879ED0ED} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/28/2018 12:33:31 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2018 02:22:45 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 3988.27 MB
Available physical RAM: 1028.38 MB
Total Virtual: 7956.27 MB
Available Virtual: 3985.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.42 GB) (Free:331.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.23 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ab146baf-c657-4429-8af1-b1e36bdf6788}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{220a2b4e-61a2-4b04-9c46-faf79bfca8a7}\ () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 819E561E)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Requesting a preventive check

Posted: 30 Dec 2018 20:07
by Conder
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here

Re: Requesting a preventive check

Posted: 30 Dec 2018 20:31
by Martin.Horacek
Hi :)

here it is

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-30-2018
# Duration: 00:00:09
# OS: Windows 8.1
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3533 octets] - [30/12/2018 20:24:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Requesting a preventive check

Posted: 30 Dec 2018 20:49
by Conder
:arrow: Create and post new logs from FRST.

Re: Requesting a preventive check

Posted: 30 Dec 2018 21:30
by Martin.Horacek
FRST here

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jitka (administrator) on NUNANEK (30-12-2018 21:27:32)
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka (Available Profiles: Jitka & Martinek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
Startup: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-10-31]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{41A59794-3B20-4939-8067-FD0C09EEAFC0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C6CA0B8F-3621-4AA0-8BEB-F501692D4B67}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-16] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 [2018-12-30]
FF Session Restore: Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\sp@avast.com.xpi [2018-12-20]
FF Extension: (Avast Online Security) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\wrc@avast.com.xpi [2018-12-18]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-30] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-18] (McAfee, Inc.)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2018-12-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2018-12-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2018-12-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2018-12-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2018-12-30] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-07] (Intel Corporation)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-18] (McAfee, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2015-08-30] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [418008 2015-08-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-07] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 20:23 - 2018-12-30 20:25 - 000000000 ____D C:\AdwCleaner
2018-12-30 20:23 - 2018-12-30 20:22 - 007320272 _____ (Malwarebytes) C:\Users\Jitka\Desktop\adwcleaner_7.2.6.0.exe
2018-12-30 20:21 - 2018-12-30 20:22 - 007320272 _____ (Malwarebytes) C:\Users\Jitka\Downloads\adwcleaner_7.2.6.0.exe
2018-12-30 19:25 - 2018-12-30 21:28 - 000025338 _____ C:\Users\Jitka\Desktop\FRST.txt
2018-12-30 19:25 - 2018-12-30 21:27 - 000000000 ____D C:\FRST
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Downloads\FRST64.exe
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Desktop\FRST64.exe
2018-12-30 19:21 - 2018-12-30 19:21 - 001781760 _____ (Farbar) C:\Users\Jitka\Downloads\FRST.exe
2018-12-29 09:03 - 2018-12-29 09:03 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-12-29 09:03 - 2018-12-29 09:03 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbam
2018-12-29 09:02 - 2018-12-30 20:28 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-29 09:02 - 2018-12-30 19:18 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbamtray
2018-12-29 09:01 - 2018-12-29 09:01 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-29 09:01 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-29 08:53 - 2018-12-29 08:53 - 081227760 _____ (Malwarebytes ) C:\Users\Jitka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-18 16:14 - 2018-12-18 16:14 - 000291252 _____ C:\Users\Jitka\Downloads\formular-k-proplaceni-prispevku-2018-k-vyplneni-na-pc.pdf
2018-12-08 13:32 - 2018-12-22 18:42 - 000000000 ____D C:\Program Files\McAfee
2018-12-05 16:50 - 2018-12-05 16:50 - 000000000 ____D C:\Users\Jitka\AppData\Local\M-Photo_Ltd
2018-12-02 10:57 - 2018-12-30 20:27 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job
2018-12-02 10:57 - 2018-12-28 16:58 - 000003162 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJitka

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 20:44 - 2013-11-13 21:10 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-30 20:35 - 2013-12-03 11:00 - 001931582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-30 20:35 - 2013-09-30 04:56 - 000797830 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-30 20:35 - 2013-09-30 04:56 - 000181446 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-30 20:35 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-12-30 20:30 - 2018-06-22 11:15 - 000000000 ____D C:\Users\Jitka\AppData\Local\AVAST Software
2018-12-30 20:28 - 2016-11-26 09:37 - 000000000 ____D C:\Users\Jitka\AppData\LocalLow\Mozilla
2018-12-30 20:27 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-30 20:26 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-12-30 20:25 - 2013-12-03 11:04 - 000000000 ____D C:\Users\Jitka
2018-12-30 19:19 - 2014-01-13 19:23 - 000003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB2B1AE9-AB7B-42EC-B9FC-4B8FC7D703C8}
2018-12-28 13:28 - 2018-06-22 11:12 - 000004168 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-24 14:35 - 2013-11-14 21:35 - 000000000 ____D C:\Users\Jitka\AppData\Roaming\vlc
2018-12-22 18:42 - 2016-11-25 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-22 18:42 - 2013-11-14 21:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-22 11:07 - 2017-10-31 20:18 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-30 20:12 - 000002367 _____ C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-12-19 10:29 - 2013-11-14 21:15 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-18 21:29 - 2018-03-15 17:33 - 000000000 ____D C:\ProgramData\McAfee
2018-12-18 15:07 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-18 12:36 - 2013-06-20 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-17 19:54 - 2014-08-26 18:58 - 000000000 ____D C:\Users\Jitka\AppData\Local\CrashDumps
2018-12-17 15:12 - 2016-12-20 13:27 - 000000000 ____D C:\Users\Jitka\Downloads\Jitka veci
2018-12-17 14:47 - 2014-01-18 01:55 - 001489920 ___SH C:\Users\Jitka\Desktop\Thumbs.db
2018-12-06 16:11 - 2013-11-26 12:28 - 000000000 ____D C:\Users\Jitka\AppData\Local\HPConnectedMusic
2018-12-05 16:31 - 2018-11-23 14:13 - 000000000 ____D C:\CDSM
2018-12-04 21:01 - 2018-11-23 08:51 - 000000000 ____D C:\Users\Jitka\Desktop\foto na kalendar

==================== Files in the root of some directories =======

2018-05-10 09:48 - 2018-05-10 09:48 - 000003584 _____ () C:\Users\Jitka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2013-12-07 16:58 - 2008-10-15 11:42 - 000050432 _____ () C:\Users\Jitka\AppData\Local\Temp\Extract.exe
2014-10-25 10:35 - 2014-10-25 10:35 - 031600456 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
2015-02-20 16:42 - 2015-02-20 16:43 - 031598424 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-12 22:24 - 2015-10-22 01:08 - 000595656 _____ (Hewlett-Packard) C:\Users\Jitka\AppData\Local\Temp\HPSFUpdater.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 017983576 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63342.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 005785816 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63343.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 041827440 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63344.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 220937344 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63346.exe
2013-12-07 03:42 - 2013-12-07 03:42 - 154950016 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63353.exe
2015-08-07 20:02 - 2015-08-07 20:02 - 015335288 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63356.exe
2013-12-07 03:41 - 2013-12-07 03:41 - 006268704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63357.exe
2014-01-31 00:21 - 2014-01-31 00:21 - 007061320 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63599.exe
2013-12-07 04:04 - 2013-12-07 04:04 - 040444056 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP63945.exe
2014-03-08 21:10 - 2014-03-08 21:10 - 044799704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\sp64126.exe
2013-12-12 04:13 - 2013-12-12 04:13 - 015485512 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64571.exe
2014-01-24 00:04 - 2014-01-24 00:04 - 144653000 _____ (InstallShield Software Corporation ) C:\Users\Jitka\AppData\Local\Temp\SP64628.exe
2014-01-24 23:24 - 2014-01-24 23:24 - 110879968 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64740.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 110883336 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64741.exe
2014-01-17 02:12 - 2014-01-17 02:12 - 041675328 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64825.exe
2014-01-24 23:21 - 2014-01-24 23:21 - 050543536 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64854.exe
2014-01-30 04:55 - 2014-01-30 04:55 - 015545672 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64881.exe
2014-06-21 21:43 - 2014-06-21 21:43 - 118467640 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65782.exe
2014-05-03 00:02 - 2014-05-03 00:02 - 001684968 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP65792.exe
2014-06-05 22:04 - 2014-06-05 22:04 - 050965928 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65793.exe
2014-07-04 21:10 - 2014-07-04 21:10 - 002829368 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66604.exe
2014-06-29 00:56 - 2014-06-29 00:56 - 016320592 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66867.exe
2017-11-17 10:51 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Jitka\AppData\Local\Temp\TAInstaller.exe
2014-03-08 23:20 - 2015-09-28 09:36 - 000144912 _____ (Hewlett-Packard Company) C:\Users\Jitka\AppData\Local\Temp\UninstallHPSA.exe
2014-03-15 17:24 - 2014-03-15 17:24 - 024677393 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.1.3-win32.exe
2018-02-17 22:03 - 2018-02-17 22:03 - 030950664 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-12-28 18:21

==================== End of FRST.txt ============================

Re: Requesting a preventive check

Posted: 30 Dec 2018 21:30
by Martin.Horacek
Additional is here
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (30-12-2018 21:28:54)
Running from C:\Users\Jitka\Desktop
Windows 8.1 (Update) (X64) (2013-12-03 10:26:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-797450051-102285635-2811792732-500 - Administrator - Disabled)
Guest (S-1-5-21-797450051-102285635-2811792732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-797450051-102285635-2811792732-1006 - Limited - Enabled)
Jitka (S-1-5-21-797450051-102285635-2811792732-1001 - Administrator - Enabled) => C:\Users\Jitka
Martinek (S-1-5-21-797450051-102285635-2811792732-1004 - Limited - Enabled) => C:\Users\Martinek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDSM Designer (HKLM-x32\...\CDSM_CDSM Designer) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogaléria (HKLM-x32\...\{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Sound Recorder v10.8.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2016 FreeSoundRecorder Technologies, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.20721 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A035950F-15BA-41C0-9D8F-165FC0536012}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.00.0000 - Název společnosti:) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Ultimate ZIP Cracker Trial version (HKLM-x32\...\{76F0FEBD-6C17-4D57-0467-BC6FB1881E3C}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098B19FE-F2F1-42E1-89B9-FF542408A6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0AFE2162-0C85-41D0-9070-1E42375E4263} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {0C98148A-C710-450C-95B1-1F48A51E7150} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {1238D406-17A5-4F99-917B-C62C57F32F90} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-18] (Microsoft Corporation)
Task: {17DE64B5-D005-4F1C-846C-1DE436C5CFCA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {1E7FD0E3-3ECE-4C88-A3C8-3B61CC5565D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {360716CE-1A70-4CAF-8208-53A07B692B48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-07] (Synaptics Incorporated)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {52FF6AEC-CACD-4D35-8D0D-FB22E7D2C369} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {59DA1E1C-36E3-4434-8194-1447B7A067BA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {7C20A9D6-2ADD-4C36-B9FF-D57ADD054CB4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {812DEB94-39F1-4858-B9DF-E576D65C0FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {84E673BF-93A4-423B-A92F-A5F50DF1C887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {872B3DC3-D281-442C-A1FB-D4E15AF496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8CF8C6E9-E4F6-4E42-BCFE-FA3F68EEB6EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9043CB27-9BA8-4820-A6BC-AABC7019C551} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2014-10-29] (Microsoft Corporation)
Task: {A5E9CE25-AA16-4E2A-82EC-3F99038D84EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-18] (AVAST Software)
Task: {B61B9D5B-C53B-49C9-957B-B56465C8A1E2} - System32\Tasks\HPCeeScheduleForJitka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CE3BDDC4-0E16-4D9E-B74F-91B2C441CD06} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {DB140562-78A0-4514-BB7D-37040F1C8E22} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-21] (Adobe Systems Incorporated)
Task: {DCD18AA0-838B-4FEE-99AD-EFE3C6DCC19F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {E9E6527C-66B7-4434-8E48-EEF8DE4922E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {FCE4701E-7A70-4893-BE5F-AF2B997DC92C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-26 08:58 - 2017-07-26 08:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-12-29 09:01 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-29 09:01 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-10-03 23:42 - 2013-10-03 23:42 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-25 01:17 - 2013-08-05 08:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-06-22 11:14 - 2018-06-22 11:15 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 16:27 - 2018-11-23 16:27 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-12-07 16:58 - 2013-12-07 16:58 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-16 08:08 - 000000829 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program;C:\EDIABAS\Bin;
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9989C03C-9D85-4E5A-92CD-582D68F0F882}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp.)
FirewallRules: [{EE39D76B-9F85-4421-B2E7-6F1E7647B4FA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{61F6A81C-E996-40F4-A743-A93BF92B7000}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{0FB004B2-1EEE-40A3-A21B-1ED43D0620CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C4DC9D39-25A4-46E0-818C-69F6C80F3EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{4379404F-F8B4-4503-B41C-3C3AEDF38BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{05392FF0-265C-4593-BE2B-DFA26A77699C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C71D8C9E-DAD7-4EB0-9D3F-DE89ABBF7E50}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{F2CB17DE-93A4-42E6-9C3B-07A0B04D50D2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{A0A61349-D3A1-467E-B771-1D4CD135ADAA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{62273621-CE08-47B2-A8FC-7F5E0F1F8E2D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{4D2A3D82-E474-4155-A82D-6E557B9A9B73}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{3167D6E4-238B-4004-93DB-BC70E750E7AF}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{A4283898-7FFC-421C-90E3-F5B18C8CB31B}] => (Allow) LPort=1900
FirewallRules: [{80F79B04-DD2A-4957-9926-F271879F65C0}] => (Allow) LPort=2869
FirewallRules: [{12B4B1D8-E636-49CA-83CD-7AB65FD3F298}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{C569F568-1675-47FC-B8B2-0FE8289F2029}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{3799C7CF-AB39-4AF6-8C28-10AA2947DA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{48C715B9-0B64-4E16-9836-292A211F8A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{12E1CF8A-11C3-40F3-8318-D7114AB21561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [UDP Query User{0BC5DE52-0CC7-4ED3-8161-1AAFE1BAEEAD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [TCP Query User{B6543756-C604-474E-BF46-F69D47D86DA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{78D1D10B-657B-4083-A94A-DFD9D4E6AF8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{748F5C5D-F010-45A0-ABA9-4CD67CB3F1A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0BD76B8D-F884-4F06-B722-FBC828FB1A2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{E7E6F70F-A95B-40CE-99BE-54294BCF9D8D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{38620546-C658-4851-A8CA-F2F5AE860CC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{CE17E62E-E380-4057-8E1A-BE601965DB85}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{59808CA4-F84D-4824-A2CC-B6F6F25B450B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{C6AE6720-54D8-49AB-B809-2C1C14A0BF74}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{BE9EF2BA-AAC1-40BA-B901-9E09DE2263B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D389B404-48D1-4E7C-BF98-E54EB609A08D}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{0A87665E-01BE-4767-BE52-5942E1260C15}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{887A5699-216E-4689-80D6-0F22E2FAAD2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{40A4B9FB-90CB-4DC6-B717-AC30180988C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{5DCAC18A-A845-4E3E-BE2B-2994C3973142}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

13-12-2018 12:33:48 Naplánovaný kontrolní bod
23-12-2018 14:17:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2018 07:28:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2018 12:57:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (12/28/2018 10:09:51 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 206687


System errors:
=============
Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 4 Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HuaweiHiSuiteService64.exe byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 4 Creator byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HPWMISVC byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Software Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Touchpoint Analytics byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3988.27 MB
Available physical RAM: 1662.14 MB
Total Virtual: 7956.27 MB
Available Virtual: 5553.69 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.42 GB) (Free:331.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.23 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ab146baf-c657-4429-8af1-b1e36bdf6788}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{220a2b4e-61a2-4b04-9c46-faf79bfca8a7}\ () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 819E561E)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Request for a preventive check

Posted: 31 Dec 2018 01:46
by Conder
Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
    File: C:\Windows\System32\Drivers\BtAudioBus.sys
    File: C:\Windows\System32\Drivers\BtL2caScoIf.sys
    
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = 
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
    S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
    CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
    Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts there will be a file Fixlog.txt on the desktop; copy its contents here

Re: Requesting a preventive check

Posted: 31 Dec 2018 13:42
by Martin.Horacek
Hi, sorry for the late reply, I was working like crazy.

Here is the fixlist log
Fix result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (31-12-2018 13:26:55) Run:1
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka (Available Profiles: Jitka & Martinek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Windows\System32\Drivers\BtAudioBus.sys
File: C:\Windows\System32\Drivers\BtL2caScoIf.sys

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========


========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: E548929868BDFD3FC13B46D99605B764
Creation and modification date: 2017-07-26 08:58 - 2017-07-26 08:58
Size: 000192200
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: https://www.virustotal.com/file/737c8a1 ... 538649226/

====== End of File: ======


========================= File: C:\Program Files\Intel\iCLS Client\HeciServer.exe ========================

C:\Program Files\Intel\iCLS Client\HeciServer.exe
File not signed
MD5: 0DB1E3F6189C628675F855C0EB510419
Creation and modification date: 2013-05-11 17:45 - 2013-05-11 17:45
Size: 000733696
Attributes: ----A
Company Name: Intel(R) Corporation
Internal Name: HeciServer
Original Name: HeciServer.exe
Product: Intel(R) Capability Licensing Service Interface
Description: Intel(R) Capability Licensing Service Interface
File Version: 1.28.487.1 sys_sysscbld
Product Version: 1,28,487,1
Copyright: (C) Copyright Intel(R) Corporation
VirusTotal: https://www.virustotal.com/file/989f539 ... 543809741/

====== End of File: ======


========================= File: C:\Windows\System32\Drivers\BtAudioBus.sys ========================

"C:\Windows\System32\Drivers\BtAudioBus.sys" => not found
====== End of File: ======


========================= File: C:\Windows\System32\Drivers\BtL2caScoIf.sys ========================

"C:\Windows\System32\Drivers\BtL2caScoIf.sys" => not found
====== End of File: ======

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => removed successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{170d3cd0-9a76-11e6-bee7-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{170d3cd0-9a76-11e6-bee7-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed8f561-5439-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{1ed8f561-5439-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f6554-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f6554-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f65ba-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f65ba-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f65c4-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f65c4-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454f5b82-e938-11e5-bee1-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{454f5b82-e938-11e5-bee1-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{486d5b79-d3a7-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{486d5b79-d3a7-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{486d5b82-d3a7-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{486d5b82-d3a7-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a42ff50-48b2-11e5-bed7-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{4a42ff50-48b2-11e5-bed7-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6257f6bd-bae3-11e5-bee0-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{6257f6bd-bae3-11e5-bee0-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d89cc54-5339-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{7d89cc54-5339-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94c0bd75-88d4-11e8-bef1-e2d383dbce61} => removed successfully
HKLM\Software\Classes\CLSID\{94c0bd75-88d4-11e8-bef1-e2d383dbce61} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c7659e8-8f71-11e8-bef1-e2d383dbce61} => removed successfully
HKLM\Software\Classes\CLSID\{9c7659e8-8f71-11e8-bef1-e2d383dbce61} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6594149-4bbf-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b6594149-4bbf-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6594151-4bbf-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b6594151-4bbf-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b6da5d-1a26-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b9b6da5d-1a26-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b6e9fa-1a26-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b9b6e9fa-1a26-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4765a1e-d263-11e5-bee0-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{c4765a1e-d263-11e5-bee0-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d3b51b-809c-11e6-bee6-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{d1d3b51b-809c-11e6-bee6-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e282bbd9-7e6c-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{e282bbd9-7e6c-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5165bad-cd3d-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{e5165bad-cd3d-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef32e5d3-5423-11e3-be7c-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef32e5d3-5423-11e3-be7c-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef470bda-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef470bda-8ef1-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef470be9-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef470be9-8ef1-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef471913-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef471913-8ef1-11e7-beea-70188b45893e} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => removed successfully
HKLM\Software\Classes\CLSID\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\BtAudioBusSrv => removed successfully
BtAudioBusSrv => service removed successfully
HKLM\System\CurrentControlSet\Services\BthL2caScoIfSrv => removed successfully
BthL2caScoIfSrv => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => removed successfully
NAVEX15 => service removed successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62874108 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 1928993533 B
Edge => 0 B
Chrome => 0 B
Firefox => 1109687135 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3838137 B
LocalService => 6760829 B
NetworkService => 1706036 B
Jitka => 3828210491 B
Martinek => 12874 B

RecycleBin => 175213857 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:35:52 ====

Re: Requesting a preventive check

Posted: 31 Dec 2018 18:33
by Conder
:arrow: How does the PC look now? Has anything changed, or are there still some problems?

:arrow: I recommend uninstalling the program "McAfee WebAdvisor" if you don't need or use it.

:arrow: I recommend installing all important updates through Windows Update.

Re: Requesting a preventive check

Posted: 01 Jan 2019 13:48
by Martin.Horacek
Hi, I wish you all the best in the new year! Thanks for the advice. The computer runs more or less normally. It's still on the slow side, but could that be Avast, because it checks every action?

I'll uninstall McAfee and will definitely run Windows Update.

Can I just ask, were there any serious nasties on it? Trojans, or something hidden that could have been sending information somewhere? Anything that had something in common with the occamy.c or zpevdo.a trojans?

Thanks once again.
M.

Re: Requesting a preventive check

Posted: 02 Jan 2019 00:04
by Conder
Thanks, I wish you all the best in the new year too :)

According to the logs the PC looks clean; I didn't see any malware there. We basically cleaned out only unnecessary leftovers.

It's hard to say what exactly is slowing the PC down; in any case it shouldn't be malware. We can still try another scan. Malwarebytes is also installed on the PC; I assume you've already scanned the PC with it too, right?

:arrow: Download ESET Online Scanner and save it to the desktop: Czech version | Slovak version
  • Accept the license terms
  • Select the option "Enable detection of potentially unwanted applications"
  • Open the advanced settings
  • Tick the first option, "Enable detection of potentially unsafe applications"
  • Click "Scan" or "Start"
  • Wait for it to finish - this scan can take as long as several hours (depending on the size and speed of the disks)
  • If anything is found:
    • Click "Save to text file"
    • Enter a name, e.g. "eset", and save the log to the desktop
    • Copy the contents of that log here

Re: Requesting a preventive check

Posted: 02 Jan 2019 14:54
by Martin.Horacek
Hi,

McAfee is gone and all Windows updates are installed. Looking at Task Manager, it really does seem to me that Avast checks every action, and what slows the PC down is mainly disk load.

I'll try ESET when I get home. Just one tiny question: when we were scanning the PC, couldn't Avast have somehow interfered with all of it during the scan and maybe 'hidden' some threat? (If I'm talking nonsense now, sorry :))

Thanks, I'll report back on how the ESET scan turned out.
Martin

P.S. I ran Malwarebytes earlier and it found those threats related to the occamy.c and zpevdo.a trojans and put them into quarantine right away.

Re: Requesting a preventive check

Posted: 02 Jan 2019 20:48
by Conder
:arrow: In Malwarebytes, in the Reports section, there should be a log from that scan; export it and send that one too.

:arrow: Avast, as an antivirus, shouldn't hide threats (that is precisely what rootkits do); on the contrary, it should remove them and show a notification.

:arrow: So let's wait for the ESET result.

Re: Requesting a preventive check

Posted: 05 Jan 2019 22:28
by Martin.Horacek
Hi, sorry for the late reply, but I wasn't home.

Here is the log from ESET:
5. 1. 2019 22:22:05
Zkontrolováno souborů: 371456
Infikovaných souborů: 2
Vyléčeno hrozeb: 2
Celkový čas kontroly 02:24:51
Stav kontroly: Dokončeno
C:\Program Files (x86)\Free Sound Recorder\goup.exe varianta infiltrace Win32/Meikehuayi.A potenciálně nechtěná aplikace vyléčen smazáním
C:\ProgramData\PDF Architect 4\Installation\PDFArchitect4Installer.exe varianta infiltrace Win32/LuluSoftware.A potenciálně nechtěná aplikace vyléčen smazáním


And here is the one from MWB:


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 29.12.18
Čas skenování: 9:05
Logovací soubor: 779ca6c8-0b40-11e9-8c8d-70188b45893e.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.508
Aktualizovat verzi balíku komponent: 1.0.8543
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Nunanek\Jitka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 297663
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 5
Uplynulý čas: 11 min, 7 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\CSASTATS\ic, V karanténě, [414], [586068],1.0.8543

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 4
PUP.Optional.Monetizer, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\IS-IGQO0.TMP\CBSTUB.EXE, V karanténě, [8083], [140604],1.0.8543
PUP.Optional.PerformerSoft, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\СODEC PERFORMER.EXE, V karanténě, [527], [301146],1.0.8543
Generic.Malware/Suspicious, C:\USERS\JITKA\DESKTOP\INPA.lnk, V karanténě, [0], [392686],1.0.8543
Generic.Malware/Suspicious, C:\EC-APPS\INPA\INPA.EXE, V karanténě, [0], [392686],1.0.8543

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Thanks a lot.