
BRTSvc

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

BRTSvc

#1 Post by bonapart »

Please advise:
C:\Program Files (x86)\BRTSvc
I found it and deleted it from this location; after a restart it did not reappear.
Is simply deleting it enough, or is it somewhere else as well?
The slowed-down PC picked up speed after the deletion, but it is still not quite right.
Thanks for your answers, Milan

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: BRTSvc

#2 Post by Conder »

Hi :)

It is probably a bitcoin miner. Please post both logs from FRST and we will see whether it is still present on the PC. Guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#3 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by aaa (administrator) on DESKTOP-1JNUR2R (ATComputers COMFOR DIABLO I65) (19-01-2020 22:28:52)
Running from C:\Users\aaa\Desktop
Loaded Profiles: aaa (Available Profiles: defaultuser0 & aaa)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Config.Msi\9f1e102.rbf
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [532184 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [326680 2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-08] (Google LLC -> Google LLC)
Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-03-19]
ShortcutTarget: Telegram.lnk -> C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe
Task: {6D6DC8DE-5295-4E49-B5D6-446344A4EC88} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {71C37E72-5579-4A38-A6E8-566DD5108E9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {7BD8E00E-16CE-45E1-9ABA-33CED54E89D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {ADE86D2D-6B1A-4AA7-916E-EC6368E47D48} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {D0FC1248-F34A-4F28-AAB2-12AB5D5569C4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_314_pepper.exe [1453112 2020-01-18] (Adobe Inc. -> Adobe)
Task: {D704F254-5329-4319-AE34-5A1179F573B9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {E95EB5B1-F375-4E9B-9765-97A7523519FD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{14b0b5df-90a9-4ebf-9aed-aaa7b8c0f122}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20190923202205.dll [2019-09-23] (McAfee, Inc. -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20190923202206.dll [2019-09-23] (McAfee, Inc. -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2019-09-23] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2905597249-1629462600-326273939-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\aaa\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-10-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Notifications: Default -> hxxps://app.cryptokingdom.tech
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default [2020-01-19]
CHR DownloadDir: C:\Users\aaa\Desktop
CHR Extension: (Prezentace) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-30]
CHR Extension: (Disk Google) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-30]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-08-30]
CHR Extension: (YouTube) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-30]
CHR Extension: (Tabulky) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [121648 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [64384 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [223376 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [419792 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [320208 2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [376992 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [609920 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [542240 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-05] (Sony Mobile Communications AB -> Sony Mobile Communications)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [523336 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeaacsk; C:\WINDOWS\System32\drivers\mfeaacsk.sys [64048 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380976 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [109104 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86144 2019-09-23] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518192 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [91184 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [991792 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118320 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [126000 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254000 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 22:28 - 2020-01-19 22:32 - 000020677 _____ C:\Users\aaa\Desktop\FRST.txt
2020-01-19 22:28 - 2020-01-19 22:30 - 000000000 ____D C:\FRST
2020-01-19 22:26 - 2020-01-19 22:26 - 002572800 _____ (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2020-01-19 19:24 - 2020-01-19 22:40 - 1795984729 _____ C:\Users\aaa\Desktop\Lovci pokladů 2.avi.77412918580319272.part
2020-01-19 19:24 - 2020-01-19 22:40 - 1324784756 _____ C:\Users\aaa\Desktop\Lovci pokladů- Kniha tajemství _ National Treasure Book of Secrets (2007) USA Akčni Cz dab.avi.6321737889389407089.part
2020-01-19 19:24 - 2020-01-19 22:40 - 1323461901 _____ C:\Users\aaa\Desktop\Lovci pokladů - Kniha tajemství (2007).mkv.336126829035592183.part
2020-01-17 20:05 - 2020-01-17 20:05 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-17 19:47 - 2020-01-17 19:47 - 000000000 ____D C:\Users\aaa\Documents\NeroVision
2020-01-17 19:14 - 2020-01-17 19:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-17 19:14 - 2020-01-17 19:15 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-16 19:02 - 2020-01-16 19:19 - 000000000 ____D C:\Users\aaa\Desktop\vypovědi
2020-01-13 21:49 - 2020-01-13 21:49 - 000000000 ____D C:\Users\aaa\Desktop\foto 2020
2020-01-13 21:31 - 2020-01-13 21:39 - 000000000 ____D C:\Users\aaa\Desktop\Nová složka
2020-01-12 17:41 - 2020-01-12 20:53 - 1710034809 _____ C:\Users\aaa\Desktop\Láska na vlásku - pohádka (2014).mp4
2020-01-08 21:04 - 2020-01-12 13:28 - 000000000 ____D C:\Users\aaa\Desktop\GP Kurz 2
2020-01-08 20:27 - 2020-01-08 20:27 - 000000010 _____ C:\Users\aaa\Desktop\mike heslo.txt
2020-01-05 22:17 - 2020-01-05 22:17 - 000000000 ____D C:\Users\aaa\Documents\inzeraty foto
2020-01-05 22:16 - 2020-01-05 22:16 - 000000000 ____D C:\Users\aaa\Desktop\inzeraty foto
2020-01-05 22:16 - 2020-01-05 22:16 - 000000000 ____D C:\Users\aaa\Desktop\inventura 2019
2020-01-03 22:03 - 2020-01-03 22:04 - 000000000 ____D C:\Program Files (x86)\YouTube Downloader
2020-01-03 22:03 - 2020-01-03 22:03 - 000001147 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Downloader.lnk
2019-12-25 23:14 - 2019-12-26 00:48 - 000000000 ____D C:\Users\aaa\Desktop\gott

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-19 22:31 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-19 21:51 - 2018-03-25 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-01-19 21:49 - 2018-03-25 11:45 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-01-19 21:49 - 2018-03-25 11:44 - 000000000 ____D C:\Program Files (x86)\Java
2020-01-19 21:35 - 2019-09-23 18:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-19 19:23 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-19 19:21 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-19 19:20 - 2019-09-23 19:21 - 000002017 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2020-01-19 19:19 - 2018-02-06 14:10 - 000000000 ____D C:\Users\aaa\AppData\Roaming\Telegram Desktop
2020-01-19 18:44 - 2017-10-06 09:32 - 000000000 ____D C:\Program Files (x86)\VideoViewer
2020-01-19 18:15 - 2019-09-23 18:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2905597249-1629462600-326273939-1001
2020-01-19 18:14 - 2019-09-23 18:16 - 000002400 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-19 18:14 - 2016-12-02 21:53 - 000000000 ___RD C:\Users\aaa\OneDrive
2020-01-18 18:50 - 2017-08-02 12:17 - 000000000 ____D C:\Users\aaa\AppData\Local\Adobe
2020-01-18 18:49 - 2019-09-23 18:34 - 000004662 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-01-18 18:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-18 18:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-18 18:48 - 2017-09-12 17:44 - 000000000 ____D C:\Users\aaa\AppData\Roaming\vlc
2020-01-18 18:27 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-17 23:30 - 2019-03-19 05:37 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2020-01-17 23:29 - 2019-09-23 18:09 - 000442920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-17 23:28 - 2019-09-23 18:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-17 23:27 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-17 20:26 - 2016-12-02 23:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-17 20:13 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-17 20:13 - 2016-12-02 23:25 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-16 19:03 - 2017-09-04 09:22 - 000000000 ____D C:\Users\aaa\Desktop\AA XP
2020-01-12 12:01 - 2019-01-29 05:01 - 000000000 ____D C:\Users\aaa\Downloads\Telegram Desktop
2020-01-09 21:27 - 2019-12-16 20:08 - 000000000 ____D C:\Users\aaa\Desktop\GP Kurz 1
2020-01-08 20:33 - 2019-10-20 19:37 - 000000000 ____D C:\Users\aaa\Desktop\videa z tel
2020-01-08 05:25 - 2019-07-30 22:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-07 13:59 - 2017-07-30 16:41 - 000000000 ____D C:\Users\aaa\Desktop\Marie Tatrnová
2020-01-06 10:01 - 2019-01-13 12:17 - 000000000 ____D C:\Users\aaa\AppData\Roaming\ViberPC
2020-01-06 10:00 - 2019-01-13 12:18 - 000000000 ____D C:\Users\aaa\Documents\ViberDownloads
2020-01-05 22:18 - 2017-06-15 08:05 - 000000000 ____D C:\Users\aaa\Desktop\AAA DOKUMENTY
2020-01-05 17:48 - 2018-10-29 20:09 - 000000000 ____D C:\Users\aaa\Desktop\Serialy
2020-01-03 22:03 - 2017-08-11 20:45 - 000000000 ___RD C:\Users\aaa\Desktop\NÁSTROJE
2019-12-30 20:37 - 2019-03-12 17:53 - 000000000 ____D C:\Users\aaa\Desktop\foto 2019
2019-12-27 20:12 - 2019-12-13 21:47 - 000000000 ____D C:\Users\aaa\Desktop\Martin viděno
2019-12-26 13:10 - 2018-04-16 16:47 - 000000000 ____D C:\Users\aaa\Desktop\JÍDELÁK 2018
2019-12-22 18:39 - 2019-05-28 14:44 - 000000000 ___HD C:\Users\aaa\Desktop\Anděl 2018
2019-12-22 18:39 - 2018-08-12 19:45 - 000000000 ____D C:\Users\aaa\Desktop\foto 2018
2019-12-20 21:17 - 2017-08-02 12:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2019-05-28 10:03 - 2019-06-23 18:51 - 000004608 _____ () C:\Users\aaa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-13 20:20 - 2017-09-13 20:20 - 000000017 _____ () C:\Users\aaa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#4 Post by bonapart »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by aaa (19-01-2020 22:41:07)
Running from C:\Users\aaa\Desktop
Windows 10 Pro Version 1903 18362.592 (X64) (2019-09-23 17:35:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaa (S-1-5-21-2905597249-1629462600-326273939-1001 - Administrator - Enabled) => C:\Users\aaa
Administrator (S-1-5-21-2905597249-1629462600-326273939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2905597249-1629462600-326273939-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2905597249-1629462600-326273939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2905597249-1629462600-326273939-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2905597249-1629462600-326273939-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Admiral Markets MT5 (HKLM\...\Admiral Markets MT5) (Version: 5.00 - MetaQuotes Software Corp.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Components Setup (HKLM-x32\...\{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}) (Version: 1.00.0000 - Vimicro Corporation) Hidden
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
McAfee Agent (HKLM\...\{80684F9A-6B01-4F3F-A8C7-C4B7BDF072F1}) (Version: 5.0.6.220 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.013000 - McAfee, Inc.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
oCam version 490.0 (HKLM-x32\...\oCam_is1) (Version: 490.0 - hxxp://ohsoft.net/)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Verdict Free) (Version: - )
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 1.9.4 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.9.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{BFA8868B-76A2-4B64-ADE2-76CF7E3E882D}) (Version: 9.9.5.12 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{144a144e-eecc-4102-bd8b-778664ebf53a}) (Version: 9.9.5.12 - Viber Media Inc.)
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.7 - AVTECH Corporation, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
YTD (pepak) (HKLM-x32\...\YTD_Pepak) (Version: - )
Zoom (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\ZoomUMX) (Version: 4.5 - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-21] (Microsoft Studios)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2007-03-13 10:28 - 2007-03-13 10:28 - 000823296 _____ () [File not signed] C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
2016-12-02 22:00 - 2010-03-15 11:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2018-03-25 11:42 - 2014-05-18 20:32 - 000441220 _____ (Java(TM) Native Access (JNA)) [File not signed] C:\Users\aaa\Desktop\NÁSTROJE\FreeRapid-0.9u4\lib\jnidispatch32.dll
2018-01-22 19:50 - 2010-09-26 20:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2018-01-22 19:50 - 2010-09-28 12:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2018-01-22 19:50 - 2010-06-21 15:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2018-01-22 19:50 - 2010-09-28 13:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2018-01-22 19:50 - 2010-06-21 15:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2018-01-22 19:51 - 2010-06-10 15:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2018-01-22 19:51 - 2010-05-18 17:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax
2019-08-15 17:52 - 2007-01-24 09:38 - 000130048 _____ (VSO Software SARL) [File not signed] C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{429CF2BB-91DC-42B8-9AF9-587823ACC87E}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{A3518309-723E-4FB4-BC64-103B9708AA00}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4F05A4CF-5509-4268-AFB5-EB40A5D085B5}] => (Allow) C:\Program Files\Admiral Markets MT5\metatester64.exe (MetaQuotes Software Corp. -> MetaQuotes Software Corp.)
FirewallRules: [{986693FE-2F3A-468D-83F8-DA4340C6CA29}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{941826A8-CBB8-4E2B-9BBE-C03DD53965D2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe (AVTECH) [File not signed]
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe (AVTECH) [File not signed]
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe (AVTECH) [File not signed]
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe (AVTECH) [File not signed]
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [{D5D227E6-74EF-4BFF-82F7-F2C70ADF3703}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{CCA0F5E7-7B67-4DD7-A7D5-4FD484BA7A0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [{41B55316-CCE3-4118-B69F-E04AC94C3D3B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BF260DAD-8FD3-43DB-B554-170AAA390C3A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [TCP Query User{BB908422-74F5-44F8-8CF7-9EF2AC4F363C}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
FirewallRules: [UDP Query User{2473CD95-4273-4963-BA81-E010C6FF6C29}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
FirewallRules: [{26C8ABBB-C5E4-4EE4-B2DA-5879EA24EA5D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{43CC3079-FC02-4D11-8496-A0FA0795E7A4}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{917A3821-484C-4B61-8498-B89208B30163}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{8473AAD1-96D9-4CDB-8F8F-BB181A3D29D5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe No File
FirewallRules: [{DFF9E4D4-826B-4D12-914A-9E47F1031DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

17-01-2020 19:11:06 Windows Update

==================== Faulty Device Manager Devices ============

Name: Velkokapacitní paměťové zařízení USB
Description: Velkokapacitní paměťové zařízení USB
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Úložiště kompatibilní se sběrnicí USB
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2020 10:13:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7868,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 09:40:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11896,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 07:55:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7008,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 07:34:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9300,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 06:53:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2868,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 06:38:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10752,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 06:31:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2688,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/19/2020 06:20:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3292,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (01/18/2020 06:31:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/18/2020 06:31:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/12/2020 12:28:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/12/2020 12:18:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (12/23/2019 11:29:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2019 11:29:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2019 11:29:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2019 11:29:13 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2019-09-23 20:17:58.793
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCleaner64.exe provádění změn v paměti.
Čas detekce: 2019-09-23T18:17:58.792Z
Uživatel: (unknown user)
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCleaner64.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 20:16:56.861
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCUpdate.exe provádění změn v paměti.
Čas detekce: 2019-09-23T18:16:56.861Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCUpdate.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 19:43:02.700
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCleaner64.exe provádění změn v paměti.
Čas detekce: 2019-09-23T17:43:02.699Z
Uživatel: (unknown user)
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCleaner64.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 19:42:55.547
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCUpdate.exe provádění změn v paměti.
Čas detekce: 2019-09-23T17:42:55.547Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCUpdate.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-10-27 22:54:46.580
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.301.2094.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

==================== Memory info ===========================

BIOS: Award Software International, Inc. F4 02/06/2012
Motherboard: Gigabyte Technology Co., Ltd. H55M-D2H
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 85%
Total physical RAM: 3767.49 MB
Available physical RAM: 562.14 MB
Total Virtual: 7095.49 MB
Available Virtual: 2869.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.56 GB) (Free:344.36 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:418.6 GB) NTFS

\\?\Volume{f2781714-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f2781714-0000-0000-0000-80c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2781714)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=467 MB) - (Type=27)

==================== End of Addition.txt =======================

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#5 Post by bonapart »

Thanks a lot so far, Milan

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: BRTSvc

#6 Post by Conder »

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (view log file)
  • The log will open; copy its contents here

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#7 Post by bonapart »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2020-01-15.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-20-2020
# Duration: 00:00:59
# OS: Windows 10 Pro
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\VIDEOVIEWER

***** [ Files ] *****

Deleted C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1393 octets] - [20/01/2020 22:39:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: BRTSvc

#8 Post by Conder »

Please post both new FRST logs.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#9 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by aaa (administrator) on DESKTOP-1JNUR2R (ATComputers COMFOR DIABLO I65) (21-01-2020 17:56:25)
Running from C:\Users\aaa\Desktop
Loaded Profiles: aaa (Available Profiles: defaultuser0 & aaa)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\ANTSvc\ANTSvc.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [532184 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [326680 2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-08] (Google LLC -> Google LLC)
Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2018-03-19]
ShortcutTarget: Telegram.lnk -> C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe
Task: {47F5E9D8-6DB0-4001-9EC7-AAA7277F8F14} - System32\Tasks\ANTToolsSvc => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
Task: {5FCEBB97-CE98-49DD-8688-3498F1C20BEB} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {6D6DC8DE-5295-4E49-B5D6-446344A4EC88} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {71C37E72-5579-4A38-A6E8-566DD5108E9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-16] (Piriform Software Ltd -> Piriform Ltd)
Task: {7BD8E00E-16CE-45E1-9ABA-33CED54E89D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {D0FC1248-F34A-4F28-AAB2-12AB5D5569C4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_314_pepper.exe [1453112 2020-01-18] (Adobe Inc. -> Adobe)
Task: {D3541E97-E55B-4C9E-BAF1-5C40AE0348A6} - System32\Tasks\ANTTools => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
Task: {D704F254-5329-4319-AE34-5A1179F573B9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {E95EB5B1-F375-4E9B-9765-97A7523519FD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{14b0b5df-90a9-4ebf-9aed-aaa7b8c0f122}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20190923202205.dll [2019-09-23] (McAfee, Inc. -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20190923202206.dll [2019-09-23] (McAfee, Inc. -> McAfee, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2019-09-23] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2905597249-1629462600-326273939-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\aaa\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-10-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Notifications: Default -> hxxps://app.cryptokingdom.tech
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default [2020-01-21]
CHR DownloadDir: C:\Users\aaa\Desktop
CHR Extension: (Prezentace) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-30]
CHR Extension: (Disk Google) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-30]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-08-30]
CHR Extension: (YouTube) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-30]
CHR Extension: (Tabulky) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [121648 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [64384 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [223376 2017-06-14] (McAfee, Inc. -> McAfee LLC.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [419792 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [320208 2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [376992 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [609920 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [542240 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-05] (Sony Mobile Communications AB -> Sony Mobile Communications)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [523336 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeaacsk; C:\WINDOWS\System32\drivers\mfeaacsk.sys [64048 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380976 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [109104 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86144 2019-09-23] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518192 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [91184 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [991792 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118320 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [126000 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254000 2019-09-23] (McAfee, Inc. -> McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-11-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-11-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 17:56 - 2020-01-21 17:59 - 000018586 _____ C:\Users\aaa\Desktop\FRST.txt
2020-01-20 22:37 - 2020-01-20 22:41 - 000000000 ____D C:\AdwCleaner
2020-01-20 22:15 - 2020-01-20 22:15 - 008237744 _____ (Malwarebytes) C:\Users\aaa\Desktop\adwcleaner_8.0.1.exe
2020-01-20 22:07 - 2020-01-21 08:56 - 000000000 ____D C:\Users\aaa\Desktop\Harmoniky 2
2020-01-20 20:59 - 2020-01-20 21:02 - 000003016 _____ C:\WINDOWS\system32\Tasks\oCamTask
2020-01-20 20:59 - 2020-01-20 21:02 - 000001020 _____ C:\Users\Public\Desktop\oCam.lnk
2020-01-20 20:59 - 2020-01-20 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam
2020-01-20 20:58 - 2020-01-20 21:02 - 000000000 ____D C:\Program Files (x86)\oCam
2020-01-20 18:45 - 2020-01-20 18:45 - 000003018 _____ C:\WINDOWS\system32\Tasks\ANTToolsSvc
2020-01-20 18:45 - 2020-01-20 18:45 - 000003018 _____ C:\WINDOWS\system32\Tasks\ANTTools
2020-01-20 18:45 - 2020-01-20 18:45 - 000000000 ____D C:\Program Files (x86)\ANTSvc
2020-01-19 22:28 - 2020-01-21 17:58 - 000000000 ____D C:\FRST
2020-01-19 22:26 - 2020-01-19 22:26 - 002572800 _____ (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2020-01-19 19:24 - 2020-01-19 23:12 - 2292236386 _____ C:\Users\aaa\Desktop\Lovci pokladů 2.avi
2020-01-17 20:05 - 2020-01-17 20:05 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-17 20:05 - 2020-01-17 20:05 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-17 20:05 - 2020-01-17 20:05 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-17 20:04 - 2020-01-17 20:04 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-17 20:04 - 2020-01-17 20:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-17 20:04 - 2020-01-17 20:04 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-17 19:47 - 2020-01-17 19:47 - 000000000 ____D C:\Users\aaa\Documents\NeroVision
2020-01-17 19:14 - 2020-01-17 19:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-17 19:14 - 2020-01-17 19:15 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-16 19:02 - 2020-01-16 19:19 - 000000000 ____D C:\Users\aaa\Desktop\vypovědi
2020-01-13 21:49 - 2020-01-13 21:49 - 000000000 ____D C:\Users\aaa\Desktop\foto 2020
2020-01-13 21:31 - 2020-01-13 21:39 - 000000000 ____D C:\Users\aaa\Desktop\Nová složka
2020-01-12 17:41 - 2020-01-12 20:53 - 1710034809 _____ C:\Users\aaa\Desktop\Láska na vlásku - pohádka (2014).mp4
2020-01-08 21:04 - 2020-01-12 13:28 - 000000000 ____D C:\Users\aaa\Desktop\GP Kurz 2
2020-01-08 20:27 - 2020-01-08 20:27 - 000000010 _____ C:\Users\aaa\Desktop\mike heslo.txt
2020-01-05 22:17 - 2020-01-05 22:17 - 000000000 ____D C:\Users\aaa\Documents\inzeraty foto
2020-01-05 22:16 - 2020-01-05 22:16 - 000000000 ____D C:\Users\aaa\Desktop\inzeraty foto
2020-01-05 22:16 - 2020-01-05 22:16 - 000000000 ____D C:\Users\aaa\Desktop\inventura 2019
2020-01-03 22:03 - 2020-01-03 22:04 - 000000000 ____D C:\Program Files (x86)\YouTube Downloader
2020-01-03 22:03 - 2020-01-03 22:03 - 000001147 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube Downloader.lnk
2019-12-25 23:14 - 2019-12-26 00:48 - 000000000 ____D C:\Users\aaa\Desktop\gott

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 17:53 - 2019-09-23 18:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-21 17:53 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-21 17:27 - 2019-09-23 19:21 - 000002017 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee VirusScan Scan Messages.lnk
2020-01-21 17:27 - 2018-02-06 14:10 - 000000000 ____D C:\Users\aaa\AppData\Roaming\Telegram Desktop
2020-01-21 08:55 - 2017-09-12 17:44 - 000000000 ____D C:\Users\aaa\AppData\Roaming\vlc
2020-01-21 08:09 - 2017-07-29 12:22 - 000000000 ____D C:\Users\aaa\Desktop\NAINSTALOVANO
2020-01-20 22:44 - 2019-09-23 18:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-20 22:44 - 2018-03-25 11:44 - 000000000 ____D C:\Program Files (x86)\Java
2020-01-20 22:43 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-19 21:51 - 2018-03-25 11:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-01-19 21:49 - 2018-03-25 11:45 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-01-19 19:23 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-19 19:21 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-19 18:15 - 2019-09-23 18:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2905597249-1629462600-326273939-1001
2020-01-19 18:14 - 2019-09-23 18:16 - 000002400 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-19 18:14 - 2016-12-02 21:53 - 000000000 ___RD C:\Users\aaa\OneDrive
2020-01-18 18:50 - 2017-08-02 12:17 - 000000000 ____D C:\Users\aaa\AppData\Local\Adobe
2020-01-18 18:49 - 2019-09-23 18:34 - 000004662 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-01-18 18:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-18 18:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-18 18:27 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-17 23:30 - 2019-03-19 05:37 - 000131072 _____ C:\WINDOWS\system32\config\ELAM
2020-01-17 23:29 - 2019-09-23 18:09 - 000442920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-17 23:24 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-17 20:26 - 2016-12-02 23:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-17 20:13 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-17 20:13 - 2016-12-02 23:25 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-16 19:03 - 2017-09-04 09:22 - 000000000 ____D C:\Users\aaa\Desktop\AA XP
2020-01-12 12:01 - 2019-01-29 05:01 - 000000000 ____D C:\Users\aaa\Downloads\Telegram Desktop
2020-01-09 21:27 - 2019-12-16 20:08 - 000000000 ____D C:\Users\aaa\Desktop\GP Kurz 1
2020-01-08 20:33 - 2019-10-20 19:37 - 000000000 ____D C:\Users\aaa\Desktop\videa z tel
2020-01-08 05:25 - 2019-07-30 22:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-07 13:59 - 2017-07-30 16:41 - 000000000 ____D C:\Users\aaa\Desktop\Marie Tatrnová
2020-01-06 10:01 - 2019-01-13 12:17 - 000000000 ____D C:\Users\aaa\AppData\Roaming\ViberPC
2020-01-06 10:00 - 2019-01-13 12:18 - 000000000 ____D C:\Users\aaa\Documents\ViberDownloads
2020-01-05 22:18 - 2017-06-15 08:05 - 000000000 ____D C:\Users\aaa\Desktop\AAA DOKUMENTY
2020-01-05 17:48 - 2018-10-29 20:09 - 000000000 ____D C:\Users\aaa\Desktop\Serialy
2020-01-03 22:03 - 2017-08-11 20:45 - 000000000 ___RD C:\Users\aaa\Desktop\NÁSTROJE
2019-12-30 20:37 - 2019-03-12 17:53 - 000000000 ____D C:\Users\aaa\Desktop\foto 2019
2019-12-27 20:12 - 2019-12-13 21:47 - 000000000 ____D C:\Users\aaa\Desktop\Martin viděno
2019-12-26 13:10 - 2018-04-16 16:47 - 000000000 ____D C:\Users\aaa\Desktop\JÍDELÁK 2018
2019-12-22 18:39 - 2019-05-28 14:44 - 000000000 ___HD C:\Users\aaa\Desktop\Anděl 2018
2019-12-22 18:39 - 2018-08-12 19:45 - 000000000 ____D C:\Users\aaa\Desktop\foto 2018

==================== Files in the root of some directories ========

2019-05-28 10:03 - 2019-06-23 18:51 - 000004608 _____ () C:\Users\aaa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-13 20:20 - 2017-09-13 20:20 - 000000017 _____ () C:\Users\aaa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#10 Post by bonapart »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by aaa (21-01-2020 18:06:24)
Running from C:\Users\aaa\Desktop
Windows 10 Pro Version 1903 18362.592 (X64) (2019-09-23 17:35:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaa (S-1-5-21-2905597249-1629462600-326273939-1001 - Administrator - Enabled) => C:\Users\aaa
Administrator (S-1-5-21-2905597249-1629462600-326273939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2905597249-1629462600-326273939-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2905597249-1629462600-326273939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2905597249-1629462600-326273939-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2905597249-1629462600-326273939-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Admiral Markets MT5 (HKLM\...\Admiral Markets MT5) (Version: 5.00 - MetaQuotes Software Corp.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
ANTSvc version 1.0.0.0 (HKLM-x32\...\ANTSvc_is1) (Version: 1.0.0.0 - ANTSvc)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Components Setup (HKLM-x32\...\{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}) (Version: 1.00.0000 - Vimicro Corporation) Hidden
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
McAfee Agent (HKLM\...\{80684F9A-6B01-4F3F-A8C7-C4B7BDF072F1}) (Version: 5.0.6.220 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.013000 - McAfee, Inc.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
oCam version 495.0 (HKLM-x32\...\oCam_is1) (Version: 495.0 - hxxp://ohsoft.net/)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Verdict Free) (Version: - )
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 1.9.4 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.9.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{BFA8868B-76A2-4B64-ADE2-76CF7E3E882D}) (Version: 9.9.5.12 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{144a144e-eecc-4102-bd8b-778664ebf53a}) (Version: 9.9.5.12 - Viber Media Inc.)
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.7 - AVTECH Corporation, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
YTD (pepak) (HKLM-x32\...\YTD_Pepak) (Version: - )
Zoom (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\ZoomUMX) (Version: 4.5 - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-15] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-21] (Microsoft Studios)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2019-05-16] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2007-03-13 10:28 - 2007-03-13 10:28 - 000823296 _____ () [File not signed] C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
2016-12-02 22:00 - 2010-03-15 11:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2020-01-20 18:45 - 2018-05-23 21:47 - 002265600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ANTSvc\libeay32.dll
2018-01-22 19:50 - 2010-09-26 20:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2018-01-22 19:50 - 2010-09-28 12:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2018-01-22 19:50 - 2010-06-21 15:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2018-01-22 19:50 - 2010-09-28 13:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2018-01-22 19:50 - 2010-06-21 15:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2018-01-22 19:51 - 2010-06-10 15:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2018-01-22 19:51 - 2010-05-18 17:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax
2019-08-15 17:52 - 2007-01-24 09:38 - 000130048 _____ (VSO Software SARL) [File not signed] C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{429CF2BB-91DC-42B8-9AF9-587823ACC87E}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{A3518309-723E-4FB4-BC64-103B9708AA00}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4F05A4CF-5509-4268-AFB5-EB40A5D085B5}] => (Allow) C:\Program Files\Admiral Markets MT5\metatester64.exe (MetaQuotes Software Corp. -> MetaQuotes Software Corp.)
FirewallRules: [{986693FE-2F3A-468D-83F8-DA4340C6CA29}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{941826A8-CBB8-4E2B-9BBE-C03DD53965D2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe No File
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe No File
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe No File
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe No File
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe No File
FirewallRules: [{D5D227E6-74EF-4BFF-82F7-F2C70ADF3703}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{CCA0F5E7-7B67-4DD7-A7D5-4FD484BA7A0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe No File
FirewallRules: [{41B55316-CCE3-4118-B69F-E04AC94C3D3B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BF260DAD-8FD3-43DB-B554-170AAA390C3A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [TCP Query User{BB908422-74F5-44F8-8CF7-9EF2AC4F363C}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
FirewallRules: [UDP Query User{2473CD95-4273-4963-BA81-E010C6FF6C29}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
FirewallRules: [{26C8ABBB-C5E4-4EE4-B2DA-5879EA24EA5D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{43CC3079-FC02-4D11-8496-A0FA0795E7A4}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{917A3821-484C-4B61-8498-B89208B30163}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{8473AAD1-96D9-4CDB-8F8F-BB181A3D29D5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe No File
FirewallRules: [{DFF9E4D4-826B-4D12-914A-9E47F1031DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe

==================== Restore Points =========================

17-01-2020 19:11:06 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/21/2020 05:46:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6644,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/21/2020 05:35:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3096,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/21/2020 09:01:12 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1864,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/21/2020 08:56:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3276,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/21/2020 08:16:36 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2320,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/20/2020 10:55:56 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5800,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/20/2020 10:47:44 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (01/20/2020 10:43:24 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.


System errors:
=============
Error: (01/20/2020 10:43:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Adaptér výkonu rozhraní WMI neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.

Error: (01/20/2020 10:43:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba wmiApSrv se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.


Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (01/20/2020 10:41:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2020 10:41:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NMIndexingService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2020 10:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2020 10:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth Driver Management Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2020 10:41:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2020 10:41:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Adaptér výkonu rozhraní WMI byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2019-09-23 20:17:58.793
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCleaner64.exe provádění změn v paměti.
Čas detekce: 2019-09-23T18:17:58.792Z
Uživatel: (unknown user)
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCleaner64.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 20:16:56.861
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCUpdate.exe provádění změn v paměti.
Čas detekce: 2019-09-23T18:16:56.861Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCUpdate.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 19:43:02.700
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCleaner64.exe provádění změn v paměti.
Čas detekce: 2019-09-23T17:43:02.699Z
Uživatel: (unknown user)
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCleaner64.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-09-23 19:42:55.547
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\CCleaner\CCUpdate.exe provádění změn v paměti.
Čas detekce: 2019-09-23T17:42:55.547Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk1\DR1
Název procesu: C:\Program Files\CCleaner\CCUpdate.exe
Verze bezpečnostních informací: 1.301.2094.0
Verze modulu: 1.1.16300.1
Verze produktu: 4.18.1902.5

Date: 2019-10-27 22:54:46.580
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.301.2094.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

==================== Memory info ===========================

BIOS: Award Software International, Inc. F4 02/06/2012
Motherboard: Gigabyte Technology Co., Ltd. H55M-D2H
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3767.49 MB
Available physical RAM: 1616.35 MB
Total Virtual: 7812.77 MB
Available Virtual: 5252.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.56 GB) (Free:344.31 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:416.5 GB) NTFS

\\?\Volume{f2781714-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f2781714-0000-0000-0000-80c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2781714)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=467 MB) - (Type=27)

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: BRTSvc

#11 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    Folder: C:\Program Files (x86)\ANTSvc
    Zip: C:\Program Files (x86)\ANTSvc
    File: C:\Program Files (x86)\ANTSvc\ANTSvc.exe
    File: C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe
    File: C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe
    
    Task: {3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe
    C:\WINDOWS\AutoKMS.exe
    Task: {47F5E9D8-6DB0-4001-9EC7-AAA7277F8F14} - System32\Tasks\ANTToolsSvc => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
    C:\Program Files (x86)\ANTSvc
    Task: {D3541E97-E55B-4C9E-BAF1-5C40AE0348A6} - System32\Tasks\ANTTools => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
    Task: {D704F254-5329-4319-AE34-5A1179F573B9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
    C:\Program Files\KMSpico
    Task: {E95EB5B1-F375-4E9B-9765-97A7523519FD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    FirewallRules: [{429CF2BB-91DC-42B8-9AF9-587823ACC87E}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{986693FE-2F3A-468D-83F8-DA4340C6CA29}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
    FirewallRules: [{941826A8-CBB8-4E2B-9BBE-C03DD53965D2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
    FirewallRules: [{D5D227E6-74EF-4BFF-82F7-F2C70ADF3703}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
    FirewallRules: [{CCA0F5E7-7B67-4DD7-A7D5-4FD484BA7A0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
    FirewallRules: [TCP Query User{BB908422-74F5-44F8-8CF7-9EF2AC4F363C}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
    FirewallRules: [UDP Query User{2473CD95-4273-4963-BA81-E010C6FF6C29}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents here
:arrow: A ZIP archive with the current date and time in its name should be created on the desktop; send it as an attachment to your next post, or upload it e.g. to leteckaposta.cz (or another file host) and send the download link.

bonapart
Visitor
Posts: 87
Joined: 27 Sep 2008 20:43

Re: BRTSvc

#12 Post by bonapart »

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2020 01
Ran by aaa (23-01-2020 08:58:41) Run:1
Running from C:\Users\aaa\Desktop
Loaded Profiles: aaa (Available Profiles: defaultuser0 & aaa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Program Files (x86)\ANTSvc
Zip: C:\Program Files (x86)\ANTSvc
File: C:\Program Files (x86)\ANTSvc\ANTSvc.exe
File: C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe
File: C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe

Task: {3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS.exe
C:\WINDOWS\AutoKMS.exe
Task: {47F5E9D8-6DB0-4001-9EC7-AAA7277F8F14} - System32\Tasks\ANTToolsSvc => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
C:\Program Files (x86)\ANTSvc
Task: {D3541E97-E55B-4C9E-BAF1-5C40AE0348A6} - System32\Tasks\ANTTools => C:\Program Files (x86)\ANTSvc\ANTSvc.exe [5014528 2020-01-16] () [File not signed]
Task: {D704F254-5329-4319-AE34-5A1179F573B9} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico
Task: {E95EB5B1-F375-4E9B-9765-97A7523519FD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [{429CF2BB-91DC-42B8-9AF9-587823ACC87E}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{986693FE-2F3A-468D-83F8-DA4340C6CA29}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{941826A8-CBB8-4E2B-9BBE-C03DD53965D2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe No File
FirewallRules: [{D5D227E6-74EF-4BFF-82F7-F2C70ADF3703}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [{CCA0F5E7-7B67-4DD7-A7D5-4FD484BA7A0A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe No File
FirewallRules: [TCP Query User{BB908422-74F5-44F8-8CF7-9EF2AC4F363C}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File
FirewallRules: [UDP Query User{2473CD95-4273-4963-BA81-E010C6FF6C29}C:\users\aaa\appdata\local\temp\keygen.exe] => (Allow) C:\users\aaa\appdata\local\temp\keygen.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 63160
Average :
Sum : 563245204639
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= Folder: C:\Program Files (x86)\ANTSvc ========================

2020-01-20 18:45 - 2020-01-16 17:39 - 003416576 ____A [5C6AD577C8D12B8D0D471EC14B5E1D44] () C:\Program Files (x86)\ANTSvc\ant.exe
2020-01-20 18:45 - 2020-01-16 17:39 - 003111560 ____A [15C2BC6D49D851956B6CFEFCF6C92A80] (oort - ASProtect 64 (License for a firm or a company)) C:\Program Files (x86)\ANTSvc\ANTSvc.dll
2020-01-20 18:45 - 2020-01-16 17:38 - 005014528 ____A [A52D28E143F5655F088C4994D7FC849F] () C:\Program Files (x86)\ANTSvc\ANTSvc.exe
2020-01-20 18:45 - 2020-01-16 17:39 - 000157304 ____A [F5A97B168C935D9E845B4E20983556F0] (oort - ASProtect 64 (License for a firm or a company)) C:\Program Files (x86)\ANTSvc\ANTSvc.x64
2020-01-20 18:45 - 2020-01-16 17:38 - 000178688 ____A [7637C1311A4AB5A9CDF0D78B60D615A9] () C:\Program Files (x86)\ANTSvc\ANTSvcHelper.dll
2020-01-20 18:45 - 2020-01-16 17:39 - 001196928 ____A [FA95E21212B788091ED357CBE8926063] (oort - ASProtect 64 (License for a firm or a company)) C:\Program Files (x86)\ANTSvc\ANTSvcService.exe
2020-01-20 18:45 - 2018-05-23 21:47 - 002265600 ____A [C6840A177A249A405729F00F5ED00469] (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\ANTSvc\libeay32.dll
2020-01-20 18:45 - 2017-01-26 19:35 - 000385024 ____A [56FC1BBAFF1F8A4A78D643C1B1E6BD0F] (The OpenSSL Project, http://www.openssl.org/) C:\Program Files (x86)\ANTSvc\ssleay32.dll
2020-01-20 18:45 - 2020-01-20 18:45 - 000006899 ____A [4ADF471EA62AD8E4950E229189A00E18] () C:\Program Files (x86)\ANTSvc\unins000.dat
2020-01-20 18:45 - 2020-01-20 18:45 - 002649937 ____A [FFCB78F54BBBB8866664549979B714C8] () C:\Program Files (x86)\ANTSvc\unins000.exe

====== End of Folder: ======

================== Zip: ===================
C:\Program Files (x86)\ANTSvc -> copied successfully to C:\Users\aaa\Desktop\23.01.2020_09.01.35.zip
=========== Zip: End ===========

========================= File: C:\Program Files (x86)\ANTSvc\ANTSvc.exe ========================

C:\Program Files (x86)\ANTSvc\ANTSvc.exe
File not signed
MD5: A52D28E143F5655F088C4994D7FC849F
Creation and modification date: 2020-01-20 18:45 - 2020-01-16 17:38
Size: 005014528
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright:
VirusTotal: https://www.virustotal.com/file/988ca85 ... 579716800/

====== End of File: ======


========================= File: C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe ========================

"C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe" => not found
====== End of File: ======


========================= File: C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe ========================

C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe
File is digitally signed
MD5: 966AEE552377B367DFA1362BF43D1702
Creation and modification date: 2019-10-16 20:20 - 2019-10-16 20:20
Size: 000223064
Attributes: ----A
Company Name: Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.
Internal Name: Zoom Meetings
Original Name: Zoom Meetings
Product: Zoom Meetings
Description: Zoom Meetings
File Version: 4,5,5452,1010
Product Version: 4,5,5452,1010
Copyright: © Zoom Video Communications, Inc. All rights reserved.
VirusTotal: https://www.virustotal.com/file/b28aea3 ... 574022916/

====== End of File: ======

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DA5A35D-00DE-469C-A3F5-055E3C9B8AF5}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"C:\WINDOWS\AutoKMS.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{47F5E9D8-6DB0-4001-9EC7-AAA7277F8F14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F5E9D8-6DB0-4001-9EC7-AAA7277F8F14}" => removed successfully
C:\WINDOWS\System32\Tasks\ANTToolsSvc => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ANTToolsSvc" => removed successfully
C:\Program Files (x86)\ANTSvc => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3541E97-E55B-4C9E-BAF1-5C40AE0348A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3541E97-E55B-4C9E-BAF1-5C40AE0348A6}" => removed successfully
C:\WINDOWS\System32\Tasks\ANTTools => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ANTTools" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D704F254-5329-4319-AE34-5A1179F573B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D704F254-5329-4319-AE34-5A1179F573B9}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => removed successfully
C:\Program Files\KMSpico => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E95EB5B1-F375-4E9B-9765-97A7523519FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E95EB5B1-F375-4E9B-9765-97A7523519FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{429CF2BB-91DC-42B8-9AF9-587823ACC87E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{986693FE-2F3A-468D-83F8-DA4340C6CA29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{941826A8-CBB8-4E2B-9BBE-C03DD53965D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5D227E6-74EF-4BFF-82F7-F2C70ADF3703}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA0F5E7-7B67-4DD7-A7D5-4FD484BA7A0A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BB908422-74F5-44F8-8CF7-9EF2AC4F363C}C:\users\aaa\appdata\local\temp\keygen.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2473CD95-4273-4963-BA81-E010C6FF6C29}C:\users\aaa\appdata\local\temp\keygen.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 808533902 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 2304001 B
Edge => 2073787 B
Chrome => 481296673 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 155096 B
NetworkService => 189498 B
defaultuser0 => 189498 B
aaa => 162374589 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:03:32 ====

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#13 Post by bonapart »

zip file

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: BRTSvc

#14 Post by bonapart »

I can't manage to attach the zip file either to the conversation or to Letecká pošta; it did get saved to uschovna.cz

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: BRTSvc

#15 Post by Conder »

OK, then please send the link to uschovna. Next, please post both new FRST logs for review.

How does the PC look at the moment? Has anything changed, or are there still some problems?