Neustale vyskakuji reklamni okna

[sLim01]

Hezky den,
prosim o pomoc s temer nepouzitelnym pocitacem. Kaydych 5s vyskakuji reklamni okna.
Mockrat dekuju

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by fidrmucova (administrator) on DRUHATRIDA (28-08-2018 21:43:42)
Running from C:\Users\fidrmucova\Desktop
Loaded Profiles: fidrmucova (Available Profiles: fidrmucova)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Promethean) C:\Program Files\Activ Software\ActivDriver\activcontrolsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe
() C:\Program Files\Activ Software\ActivRelay\activRelay.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files (x86)\Artal\5042487.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
( ) C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a\s0f0qulztf1.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
( ) C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq\flphnsru3no.exe
(KUI5%ZSL) C:\Program Files\RENYK9R2FV\KXTGB10SL.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-14VI3.tmp\flphnsru3no.tmp
() C:\Users\fidrmucova\AppData\Local\Temp\is-6LHJ8.tmp\s0f0qulztf1.tmp
(Lowest ) C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h\ovztsancrvh.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-6G9SQ.tmp\ovztsancrvh.tmp
(KUI5%ZSL) C:\Program Files\RCHGOFT8UH\RCHGOFT8U.exe
(Lowest ) C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml\h30fmhxoumk.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-NVJQ3.tmp\h30fmhxoumk.tmp
(JGI01@7) C:\Program Files\ZOSLLM1N9S\ZOSLLM1N9.exe
(Hang ) C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0\mrc0iwvam3v.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-5OE6I.tmp\mrc0iwvam3v.tmp
(8DD4UWHV) C:\Program Files\K4K4F3L5CS\K4K4F3L5C.exe
(Hang ) C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx\bvg11mj0c3u.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-QM1SU.tmp\bvg11mj0c3u.tmp
(IEB) C:\Program Files\ZXIBFS92HI\PBW5VRL4F.exe
(Hang ) C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3\zdgo4l41njz.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-FN6B1.tmp\zdgo4l41njz.tmp
(BAGP) C:\Program Files\ZCKJPK90R6\6ZBRKBY37.exe
(Hang ) C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj\kozh4kytzzz.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-UPPO2.tmp\kozh4kytzzz.tmp
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera_crashreporter.exe
( ) C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1\panlp3sg4qe.exe
(7%G37%5A) C:\Program Files\RXJUAEX2EX\6CJASAZR4.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe
( ) C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0\0kurt4hi2ev.exe
(3PN2BC4) C:\Program Files\RKBTXHCAHG\T2HMOPYD5.exe
() C:\Users\fidrmucova\AppData\Local\Temp\is-GM75R.tmp\panlp3sg4qe.tmp
() C:\Users\fidrmucova\AppData\Local\Temp\is-8N7LN.tmp\0kurt4hi2ev.tmp
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
() C:\Windows\Temp\JZkOEbITvPfCrZRe\IftgWgCbV.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ActivManager] => C:\Program Files\Activ Software\ActivDriver\activmgr.exe [1171456 2017-06-13] ()
HKLM\...\Run: [ActivRelayKA] => C:\Program Files\Activ Software\ActivRelay\activrelay_ka.exe [944128 2017-06-13] ()
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-23] (NTI Corporation)
HKLM-x32\...\Run: [OfficeSubscriptionAgent] => C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe [932160 2011-11-16] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1471320 2018-08-08] (Google Inc.)
HKLM\...\RunOnce: [hgy34oddabg] => C:\Program Files (x86)\Artal\5042487.exe [670720 2018-07-13] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2017-09-28] ()
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2437920 2017-10-02] (Acer)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [WHC9WTQ779XAD8Y] => C:\Program Files\3XGVQYR3C8\3XGVQYR3C.exe [837120 2018-07-14] (VQXQ)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [IHRWCHPRGTZWKWW] => C:\Program Files\SUNK974A8S\5JUZH6AB8.exe [806912 2018-07-14] (1W)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [T60R8H16MY4QYJO] => C:\Program Files\CNDSY2HKR5\CNDSY2HKR.exe [828416 2018-07-14] (7)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [YK3W6YL7YFAD6W6] => C:\Program Files\8N27S0A98J\8N27S0A98.exe [911360 2018-07-14] (TRW)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [6LZXILL34JYHYB4] => C:\Program Files\QEPFLZ9XKT\QEPFLZ9XK.exe [835072 2018-07-17] (MU)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [7456080] => C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a\s0f0qulztf1.exe [540888 2018-07-17] ( )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [07S83RATFBJVAPH] => C:\Program Files\E5EYHMTIUX\9MMO4XVS4.exe [835072 2018-07-17] (MU)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [9525555] => C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq\flphnsru3no.exe [540888 2018-07-17] ( )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [JBBJ1LS9FZ0QFZQ] => C:\Program Files\IG6NL377YR\CVNUD7XPT.exe [1098752 2018-07-18] (MGY)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [7920410] => C:\Users\fidrmucova\AppData\Roaming\l35rdrgjmdz\wssx1omyu2y.exe [792287 2018-07-18] (Lowest )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [W783QEIDOTNC6KX] => C:\Program Files\RENYK9R2FV\KXTGB10SL.exe [749056 2018-07-18] (KUI5%ZSL)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [7006415] => C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h\ovztsancrvh.exe [792287 2018-07-18] (Lowest )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [77YLD09R57LXP5Z] => C:\Program Files\RCHGOFT8UH\RCHGOFT8U.exe [749056 2018-07-18] (KUI5%ZSL)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [723073] => C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml\h30fmhxoumk.exe [792287 2018-07-18] (Lowest )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [X47GFNZKZGCNBHV] => C:\Program Files\ZOSLLM1N9S\ZOSLLM1N9.exe [834048 2018-08-25] (JGI01@7)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [4501065] => C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0\mrc0iwvam3v.exe [496686 2018-08-25] (Hang )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [QSPUZFR6VXPECPT] => C:\Program Files\K4K4F3L5CS\K4K4F3L5C.exe [846848 2018-08-25] (8DD4UWHV)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [8310293] => C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx\bvg11mj0c3u.exe [496686 2018-08-25] (Hang )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [7A14295F67C1QGC] => C:\Program Files\ZXIBFS92HI\PBW5VRL4F.exe [829952 2018-08-25] (IEB)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [6179140] => C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3\zdgo4l41njz.exe [496686 2018-08-25] (Hang )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [MMRTVPW1X3JCLQ2] => C:\Program Files\ZCKJPK90R6\6ZBRKBY37.exe [857600 2018-08-25] (BAGP)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [5848714] => C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj\kozh4kytzzz.exe [496686 2018-08-25] (Hang )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [1913905] => C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1\panlp3sg4qe.exe [500538 2018-08-28] ( )
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [PPVFKLBTMPHQXYM] => C:\Program Files\RXJUAEX2EX\6CJASAZR4.exe [829952 2018-08-28] (7%G37%5A)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [16UG0A4DI8K7FBA] => C:\Program Files\RKBTXHCAHG\T2HMOPYD5.exe [921600 2018-08-28] (3PN2BC4)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [3546914] => C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0\0kurt4hi2ev.exe [500538 2018-08-28] ( )
AppInit_DLLs: C:\ProgramData\Voyasollam\SailKix.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Hottone.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-08]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2018-07-14]
ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\fidrmucova\AppData\Roaming\Microsoft\Installer\{05CF8E79-632C-4054-A009-82A729987D61}\_A45AEC26828A6190BC1BCB.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{50e0a268-02f4-4367-926b-4ae6585d1361}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{dfae735e-3e64-4567-9493-d47b56b073fa}: [DhcpNameServer] 46.33.112.42 46.33.96.2

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1cx2_5azMH6_yp4osM7oe3hSfR9xLJzwALBwy8TuQcaK64T6fWTnNzSfB_WuaQ8LCvUssR5f0AOjoXfUZUz1wzeVsr5IPrhvwy7Ac_RMhmYzlR_-rFj-JeiOhiv4Za_4z865W0zFIAr0zkF9IBYsXPWOgruboUY&q={searchTerms}
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://newtab.club
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE04
SearchScopes: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001 -> {DDDB7A32-319B-436E-9345-93884AAE5040} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-25] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: YoutubeAdBlock -> {AA675BFD-19B8-4ADF-8052-F972A446A257} -> C:\Program Files (x86)\fqNcwRkZsIE\tkLqsDS.dll [2018-08-28] ()
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: YoutubeAdBlock -> {AA675BFD-19B8-4ADF-8052-F972A446A257} -> C:\Program Files (x86)\fqNcwRkZsIE\kQadVZ5j.dll [2018-08-28] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2018-08-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2018-08-25] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://newtab.club/
CHR StartupUrls: Default -> "hxxps://newtab.club/"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/?e=g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=ch ... earchTerms}
CHR Profile: C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default [2018-08-28]
CHR Extension: (Slides) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-25]
CHR Extension: (Docs) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-25]
CHR Extension: (Google Drive) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-25]
CHR Extension: (YouTube) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-25]
CHR Extension: (Google Slides Offline) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkbibfnelggjiagnbapfoodmhhnedfa [2018-08-28] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Sheets) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-25]
CHR Extension: (Google Docs Offline) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Gmail) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-25]

Opera:
=======
OPR Extension: (Google Slides Offline) - C:\Users\fidrmucova\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbioifkimlbfbeeelbkpkjhoelebkeoh [2018-08-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActivControl; C:\Program Files\Activ Software\ActivDriver\activcontrolsvc.exe [18432 2017-06-13] (Promethean) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S2 ellfService; C:\ProgramData\ellfService\ellfService.exe [947408 2018-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 NanoServicePackUpdate64; C:\Program Files\SystemNanoPacks\Nano Service Pack\BaseNanoServicePackUpdater.exe [602848 2018-08-24] (SystemNanoPacks)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 osubsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
R2 Promethean ActivRelay; C:\Program Files\Activ Software\ActivRelay\activRelay.exe [1101824 2017-06-13] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-08] (Dritek System INC.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-24] (Symantec Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-08] (Dritek System Inc.)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-26] (Microsoft Corporation)
S1 powzip; \SystemRoot\System32\drivers\powzip.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 21:43 - 2018-08-28 21:45 - 000026043 _____ C:\Users\fidrmucova\Desktop\FRST.txt
2018-08-28 21:43 - 2018-08-28 21:43 - 000000000 ____D C:\FRST
2018-08-28 21:42 - 2018-08-28 21:42 - 002413056 _____ (Farbar) C:\Users\fidrmucova\Desktop\FRST64.exe
2018-08-28 21:39 - 2018-08-28 21:39 - 000012222 _____ C:\Users\fidrmucova\Desktop\AdwCleaner[C00].txt
2018-08-28 21:39 - 2018-08-28 21:39 - 000003692 _____ C:\WINDOWS\System32\Tasks\OneSystemCare Task
2018-08-28 21:39 - 2018-08-28 21:39 - 000003448 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2018-08-28 21:39 - 2018-08-28 21:39 - 000003440 _____ C:\WINDOWS\System32\Tasks\One System Care Delayed
2018-08-28 21:39 - 2018-08-28 21:39 - 000002640 _____ C:\WINDOWS\System32\Tasks\yZiHCnIRlRiAMEG
2018-08-28 21:39 - 2018-08-28 21:39 - 000000320 _____ C:\WINDOWS\Tasks\yZiHCnIRlRiAMEG.job
2018-08-28 21:39 - 2018-08-28 21:39 - 000000000 ____D C:\Program Files (x86)\YDHJZflmU
2018-08-28 21:39 - 2018-08-28 21:39 - 000000000 ____D C:\Program Files (x86)\fqNcwRkZsIE
2018-08-28 21:39 - 2018-08-28 21:39 - 000000000 ____D C:\Program Files (x86)\DByTOvidzZUn
2018-08-28 21:38 - 2018-08-28 21:38 - 000001024 _____ C:\Users\fidrmucova\Desktop\Launch One System Care.lnk
2018-08-28 21:38 - 2018-08-28 21:38 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\One System Care
2018-08-28 21:38 - 2018-08-28 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2018-08-28 21:38 - 2018-08-28 21:38 - 000000000 ____D C:\ProgramData\f1223d26-924b-4f5b-8457-8cd296ae280d
2018-08-28 21:38 - 2018-08-28 21:38 - 000000000 ____D C:\ProgramData\033263c4-979d-4ee6-9fc8-d45499817fa8
2018-08-28 21:38 - 2018-08-28 21:38 - 000000000 ____D C:\Program Files (x86)\OneSystemCare
2018-08-28 21:37 - 2018-08-28 21:37 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0
2018-08-28 21:37 - 2018-08-28 21:37 - 000000000 ____D C:\Program Files\RKBTXHCAHG
2018-08-28 21:22 - 2018-08-28 21:22 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1
2018-08-28 21:22 - 2018-08-28 21:22 - 000000000 ____D C:\Program Files\RXJUAEX2EX
2018-08-25 23:35 - 2018-08-25 23:38 - 000000000 ____D C:\Program Files\ZCKJPK90R6
2018-08-25 23:35 - 2018-08-25 23:36 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj
2018-08-25 22:49 - 2018-08-25 22:50 - 000000000 ____D C:\Program Files\ZXIBFS92HI
2018-08-25 22:49 - 2018-08-25 22:49 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3
2018-08-25 22:37 - 2018-08-25 22:37 - 007649280 _____ C:\Program Files (x86)\GUTC55F.tmp
2018-08-25 22:37 - 2018-08-25 22:37 - 000000000 ____D C:\Program Files (x86)\GUMC51F.tmp
2018-08-25 22:04 - 2018-08-25 22:05 - 000000000 ____D C:\Program Files\K4K4F3L5CS
2018-08-25 22:04 - 2018-08-25 22:04 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx
2018-08-25 21:20 - 2018-08-25 21:20 - 000003968 _____ C:\WINDOWS\System32\Tasks\NanoPackUpdate_6.2.5
2018-08-25 21:20 - 2018-08-25 21:20 - 000003714 _____ C:\Program Files\Common Files\AppLoaderPM.xml
2018-08-25 21:20 - 2018-08-25 21:20 - 000000000 ____D C:\Program Files\SystemNanoPacks
2018-08-25 21:19 - 2018-08-25 21:19 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\SystemNanoPacks
2018-08-25 21:19 - 2018-08-25 21:19 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0
2018-08-25 21:19 - 2018-08-25 21:19 - 000000000 ____D C:\Program Files\ZOSLLM1N9S
2018-08-25 21:18 - 2018-08-28 21:29 - 000000000 ____D C:\AdwCleaner
2018-08-25 21:03 - 2018-08-25 21:06 - 007417040 _____ (Malwarebytes) C:\Users\fidrmucova\Downloads\adwcleaner_7.2.2.exe
2018-08-25 20:57 - 2018-08-25 20:57 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-25 20:57 - 2018-08-25 20:57 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-25 20:57 - 2018-08-25 20:57 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-25 20:57 - 2018-08-25 20:57 - 000000000 ____D C:\Program Files\CCleaner
2018-08-25 20:55 - 2018-08-28 21:17 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-08-25 20:55 - 2018-08-28 21:17 - 000000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-08-25 20:55 - 2018-08-25 20:55 - 000004040 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-25 20:55 - 2018-08-25 20:55 - 000003808 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-25 20:54 - 2018-08-25 20:54 - 015989160 _____ (Piriform Ltd) C:\Users\fidrmucova\Downloads\ccsetup544.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 21:35 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-28 21:33 - 2018-07-11 11:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-28 21:32 - 2018-07-11 11:21 - 000000000 ____D C:\Users\fidrmucova
2018-08-28 21:32 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-28 21:31 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-28 21:30 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-28 21:29 - 2017-09-04 10:14 - 000000000 ____D C:\ProgramData\BSD
2018-08-28 21:27 - 2012-09-08 17:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-28 21:17 - 2018-07-11 11:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-25 23:44 - 2015-08-08 15:23 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\uTorrent
2018-08-25 23:11 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-25 22:41 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-25 22:34 - 2018-07-11 11:48 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F772F367-2432-42A1-99A5-6ECD42D2DACB}
2018-08-25 21:37 - 2018-07-10 14:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-25 21:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-25 21:36 - 2014-01-20 15:46 - 000000000 ____D C:\Users\fidrmucova\AppData\Local\CrashDumps
2018-08-25 21:27 - 2018-07-11 12:13 - 000000000 ____D C:\Windows.old
2018-08-25 21:15 - 2018-07-14 02:26 - 000000270 __RSH C:\ProgramData\ntuser.pol
2018-08-25 21:13 - 2018-07-18 15:54 - 000000000 ____D C:\Program Files (x86)\szukwmZlgIE
2018-08-25 20:57 - 2013-01-22 22:52 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2018-08-25 22:37 - 2018-08-25 22:37 - 007649280 _____ () C:\Program Files (x86)\GUTC55F.tmp
2018-08-25 21:20 - 2018-08-25 21:20 - 000003714 _____ () C:\Program Files\Common Files\AppLoaderPM.xml
2018-07-21 10:12 - 2018-07-21 10:12 - 000001729 ____H () C:\Program Files\Common Files\service_pack.bat
2018-07-14 02:28 - 2018-07-14 02:28 - 007631872 _____ () C:\Users\fidrmucova\AppData\Local\agent.dat
2018-07-14 02:27 - 2018-07-14 02:27 - 000278510 _____ () C:\Users\fidrmucova\AppData\Local\Alphacof.bin
2018-07-14 02:28 - 2018-07-14 02:28 - 000070896 _____ () C:\Users\fidrmucova\AppData\Local\Config.xml
2018-07-14 02:25 - 2018-07-14 02:25 - 000140800 _____ () C:\Users\fidrmucova\AppData\Local\installer.dat
2018-07-14 02:28 - 2018-07-14 02:28 - 001988185 _____ () C:\Users\fidrmucova\AppData\Local\KayTech.tst
2018-07-14 02:28 - 2018-07-14 02:28 - 000005568 _____ () C:\Users\fidrmucova\AppData\Local\md.xml
2018-07-14 02:28 - 2018-07-14 02:28 - 000126464 _____ () C:\Users\fidrmucova\AppData\Local\noah.dat
2018-07-14 02:25 - 2018-07-14 02:29 - 000929792 _____ () C:\Users\fidrmucova\AppData\Local\sham.db
2018-07-14 02:29 - 2018-07-14 02:29 - 000032038 _____ () C:\Users\fidrmucova\AppData\Local\uninstall_temp.ico
2018-07-14 02:28 - 2018-07-14 02:28 - 001895383 _____ () C:\Users\fidrmucova\AppData\Local\VivaFan.bin

Some files in TEMP:
====================
2018-08-25 23:46 - 2018-08-25 23:47 - 002608128 _____ (Opera Software) C:\Users\fidrmucova\AppData\Local\Temp\Opera_installer_18082521462352312372.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-11 11:14

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by fidrmucova (28-08-2018 21:48:08)
Running from C:\Users\fidrmucova\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-07-11 09:50:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1675228566-3109809821-3512086675-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1675228566-3109809821-3512086675-503 - Limited - Disabled)
fidrmucova (S-1-5-21-1675228566-3109809821-3512086675-1001 - Administrator - Enabled) => C:\Users\fidrmucova
Guest (S-1-5-21-1675228566-3109809821-3512086675-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1675228566-3109809821-3512086675-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
ActivDriver (HKLM\...\{5A6DF759-5992-4809-8456-A6256CB40874}) (Version: 5.16.7.0 - Promethean Ltd) Hidden
ActivDriver (HKLM-x32\...\{edbf0bd6-6823-4e8a-8562-bec8b84528a5}) (Version: 5.16.7.0 - Promethean Ltd)
Active WebCam (HKLM-x32\...\Active WebCam) (Version: - )
ActivInspire Core Resources (CZE) v1 (HKLM-x32\...\{A8F3E8B6-D34A-4FB1-BF02-3211F24599C5}) (Version: 1.5.2 - Promethean)
ActivInspire Help (CZE) v1 (HKLM-x32\...\{915770D3-B34B-4135-9B36-1CA6CC45F316}) (Version: 1.5.2 - Promethean)
ActivInspire HWR Resources (CZE) v1 (HKLM-x32\...\{60104019-8CEF-440A-88B3-737F48ECF6FD}) (Version: 1.5.2 - Promethean)
ActivInspire v1 (HKLM-x32\...\{FAC83A5C-8BC9-4EE0-A27E-4CC684B1EDF5}) (Version: 1.5.34144 - Promethean)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
B&L Angličtina pro děti - školní verze (HKLM-x32\...\B&L Angličtina pro děti - školní verze) (Version: - )
B&L Angličtina pro nejmenší (instalace na disk) (HKLM-x32\...\B&L Angličtina pro nejmenší (instalace na disk)) (Version: - )
Backup Manager v4 (HKLM-x32\...\{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.1910 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Český jazyk 6 (instalace na disk) (HKLM-x32\...\Český jazyk 6 (instalace na disk)) (Version: - )
Český jazyk, pravopis hrou (HKLM-x32\...\Český jazyk, pravopis hrou) (Version: - )
ČŠI testování (HKLM-x32\...\{3FE6C185-44D9-4F19-B32B-13436B712354}) (Version: 4.4.2 - ČŠI - itelligence, a.s.)
Dětský koutek 5 (minimální instalace) (HKLM-x32\...\Dětský koutek 5 (minimální instalace)) (Version: - )
Dětský koutek 5 (plná instalace) (HKLM-x32\...\Dětský koutek 5 (plná instalace)) (Version: - )
Didakta - Angličtina 1 (HKLM-x32\...\Didakta - Angličtina 1_is1) (Version: - )
Dropbox (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Dyslexie II verze 1.0 (HKLM-x32\...\{112F5372-0A25-4F98-843D-45490E5A8021}_is1) (Version: 1.0 - Eurodidact)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Endpoint Antivirus (HKLM\...\{0165402B-C509-49BA-ACC1-2EDB9BB3C493}) (Version: 6.1.2222.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
KOUZELNÁ MATEMATIKA (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\KOUZELNÁ MATEMATIKA) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8103 - Acer Incorporated)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.10325.20118 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSSUB) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Online Services Logonassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
Nano Service Pack (HKLM\...\{698AC878-6359-4253-A72A-64A2DE9AB864}) (Version: 6.2.5 - SystemNanoPacks) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NativeDesktopMediaService (HKLM\...\{74182FA1-3662-46EA-97AE-AF304171584C}) (Version: 2.3.0 - Jetmedia) <==== ATTENTION
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
One System Care (HKLM-x32\...\OneSystemCare_is1) (Version: 4.4.0.3 - One System Care) <==== ATTENTION
Opera Stable 54.0.2952.54 (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Opera 54.0.2952.54) (Version: 54.0.2952.54 - Opera Software)
Poznáváme minulost 1 - PRAVĚK (doporučená instalace) (HKLM-x32\...\Poznáváme minulost 1 - PRAVĚK (doporučená instalace)) (Version: - )
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Roblox Player for fidrmucova (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Studio for fidrmucova (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
SafeFinder (HKLM-x32\...\{D8653BE3-D769-49AD-A55D-3D730E5C876D}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA Start CZ (HKLM-x32\...\{C7F86EE3-34D4-4195-82F2-2412218CF67E}) (Version: 10600.130 - STORMWARE)
TS Angličtina 1 (plná instalace) (HKLM-x32\...\TS Angličtina 1 (plná instalace)) (Version: - )
TS Angličtina hrou 1 (doporučená instalace) (HKLM-x32\...\TS Angličtina hrou 1 (doporučená instalace)) (Version: - )
TS Angličtina hrou 2 (doporučená instalace) (HKLM-x32\...\TS Angličtina hrou 2 (doporučená instalace)) (Version: - )
TS Český jazyk - Vyjmenovaná slova (instalace na disk) (HKLM-x32\...\TS Český jazyk - Vyjmenovaná slova (instalace na disk)) (Version: - )
TS Český jazyk hrou 1 (instalace na disk) (HKLM-x32\...\TS Český jazyk hrou 1 (instalace na disk)) (Version: - )
TS Diktáty (plná instalace) (HKLM-x32\...\TS Diktáty (plná instalace)) (Version: - )
TS Matematika 1 - Logické úkoly (doporučená instalace) (HKLM-x32\...\TS Matematika 1 - Logické úkoly (doporučená instalace)) (Version: - )
TS Přírodověda 1 (instalace na disk) (HKLM-x32\...\TS Přírodověda 1 (instalace na disk)) (Version: - )
TS Přírodověda 2 (instalace na disk) (HKLM-x32\...\TS Přírodověda 2 (instalace na disk)) (Version: - )
TS Přírodověda 3 (instalace na disk) (HKLM-x32\...\TS Přírodověda 3 (instalace na disk)) (Version: - )
TS Přírodověda 4 (instalace na disk) (HKLM-x32\...\TS Přírodověda 4 (instalace na disk)) (Version: - )
TS Přírodověda 5 (instalace na disk) (HKLM-x32\...\TS Přírodověda 5 (instalace na disk)) (Version: - )
TS Přírodověda 6 (instalace na disk) (HKLM-x32\...\TS Přírodověda 6 (instalace na disk)) (Version: - )
TS Slovní úlohy a matematické hry 2 (instalace na disk) (HKLM-x32\...\TS Slovní úlohy a matematické hry 2 (instalace na disk)) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WhiteClick (HKLM-x32\...\{05CF8E79-632C-4054-A009-82A729987D61}) (Version: 1.0.6 - Digital LLC)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
YoutubeAdBlock (HKLM-x32\...\1655C0CA-7AE7-4012-8502-970C8675E5F8) (Version: 2.0.0.609 - Company Inc.) <==== ATTENTION
Živá Abeceda verze 2.25 (HKLM-x32\...\{6AD23362-5DEF-4CCB-AC07-DC2D8A355C72}_is1) (Version: 2.25 - Nakladatelství Nová Škola)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2012-07-12] (Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers1_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014FD00A-7C46-4DC0-A845-03B92E74E80D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {0703A3FA-CAA0-41AA-86E7-10D9327F5DAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1B96AEDC-7B24-4043-89CA-9D7D43E2F169} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1C614661-B9DD-4F21-857F-B9026AF9EC0A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-25] (Microsoft Corporation)
Task: {1CE9DFD6-A0EB-4C37-B8CC-ECF3617D16AD} - System32\Tasks\EqpFSOLlowVuQ2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\qddGHEDCBPKSMPVB\GhKoRMO.wsf"
Task: {1DE41006-56FA-420E-B4F0-7C70AC8884F8} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {2B13905F-E747-47F0-B735-1782A7C9C82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36717364-2D18-43C8-BD27-0D1867ED58D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {40871C02-4146-4BDA-8854-F0C1D6A62DA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {40FED36B-3EA3-4A54-98C9-C1FFD5BFBCE1} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2018-07-31] () <==== ATTENTION
Task: {49C4D410-494E-4A73-B318-478783B32AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4A6AD514-5555-47A5-AED2-F493F7C5CEA6} - System32\Tasks\One System Care Delayed => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2018-07-26] () <==== ATTENTION
Task: {52199AD5-D156-4740-8C0B-8AA31036DB24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-25] (Microsoft Corporation)
Task: {5228967F-65E5-46E1-AC5A-0C204E797496} - System32\Tasks\Chameleon Folder-fidrmucova => "C:\Program Files (x86)\Chameleon Explorer\ChameleonFolder.exe"
Task: {5C4C6CC2-17E6-466E-96E5-4982C84EB5FA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2017-03-15] ()
Task: {5C9D6325-26AC-427F-B62C-D1EDBCF00CFC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-08-25] (Microsoft Corporation)
Task: {622310B5-58CA-4E64-87C9-3DB781297A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF7E9-AA46-4EE6-8FFA-B99600332EC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6F75A5BF-DD75-4067-BE82-668C3A7A7AD6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {722A9927-EB5D-47E5-A4E3-797E0FC621DE} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {84E18237-FC7D-4829-9140-38AD29E52603} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {8A4824F7-FDD3-4966-9AB3-A8A0893C0A95} - System32\Tasks\Opera scheduled Autoupdate 1531925403 => C:\Users\fidrmucova\AppData\Local\Programs\Opera\launcher.exe [2018-07-11] (Opera Software)
Task: {8B888213-57C6-4F1F-A06B-749C698FBF26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9567E296-54AE-48CD-B792-6575F46A8B20} - System32\Tasks\OneSystemCare Task => C:\ProgramData\f1223d26-924b-4f5b-8457-8cd296ae280d\SystemConsole.exe [2018-07-31] () <==== ATTENTION
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9BDDD0D5-A761-4A4D-BB43-AD543897B33D} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {9EC41D81-DA7D-48D4-A474-67FB64845619} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-25] (Microsoft Corporation)
Task: {A0ECA155-F193-43FC-9211-AEBA765F139D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2017-03-15] ()
Task: {A52AEF31-EBFC-4299-AAFA-26AB16442A81} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A79C36F5-A854-459A-87BD-D62083DA5B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {B12E4960-E4B4-499F-8C50-69633FC680B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B36714BF-802F-4A13-8702-14DC33236DFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {B612FA16-ED60-40CB-A427-7FC1FFC2E37A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B6CAB085-D00A-44D3-960E-ADC9FB68BD87} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {B89A9C3E-6E55-4427-88F6-EA04323FDEE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {BB2BF8A7-DE46-4CC2-A908-4DE60FA24739} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BCA594BE-5016-4CE9-A49B-28AB4CB61F70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {CBB062D9-B2CE-4F0B-A01A-A1738D367D7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {CE7BD5CD-0A01-46C7-910C-15ADAC7AF73F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-25] (Microsoft Corporation)
Task: {D28B3FB0-9A14-470B-8612-73CCB82C945E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {E26CE8E8-4268-462C-8EEA-5286E1474D53} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E364E47D-0815-45AF-B02D-E418CB99A839} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E462E2C5-4701-40BF-8EDE-0946F1D19A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {E9F03280-C635-4462-BE5D-BF5A29BAE859} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {EBD0B68A-EB7C-4320-A6DA-064AB9614F6E} - System32\Tasks\NanoPackUpdate_6.2.5 => C:\Program Files\SystemNanoPacks\Nano Service Pack\BaseNanoServicePackUpdater.exe [2018-08-24] (SystemNanoPacks)
Task: {EE4879AB-04B1-43AF-8265-6560E71976E9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {EF2B5922-88D4-4840-947A-2737F00499AB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-25] (Microsoft Corporation)
Task: {F0F935F1-7BC0-45CA-A13E-B3B7D81836B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F2125EC2-4FEC-49D5-87B7-E096A95D47A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {F2A753F9-0584-4E09-85B8-DFAFF41F3E97} - System32\Tasks\yZiHCnIRlRiAMEG => rundll32 "C:\Program Files (x86)\YDHJZflmU\sSkAix.dll",#1
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\yZiHCnIRlRiAMEG.job => C:\Program Files (x86)\YDHJZflmU\sSkAix.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\fidrmucova\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

ShortcutWithArgument: C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1366,768

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 001101824 _____ () C:\Program Files\Activ Software\ActivRelay\activRelay.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\office.odf
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 001407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2018-07-13 19:47 - 2018-07-06 08:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-14 02:24 - 2018-07-13 02:29 - 000670720 _____ () C:\Program Files (x86)\Artal\5042487.exe
2018-07-17 14:40 - 2018-07-17 14:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 14:40 - 2018-07-17 14:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-28 18:21 - 2017-09-28 18:21 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-09-28 18:21 - 2017-09-28 18:21 - 000091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2018-08-28 21:36 - 2018-08-28 21:36 - 000714752 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-14VI3.tmp\flphnsru3no.tmp
2018-08-28 21:36 - 2018-08-28 21:36 - 000714752 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-6LHJ8.tmp\s0f0qulztf1.tmp
2018-08-28 21:36 - 2018-08-28 21:36 - 000912384 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-6G9SQ.tmp\ovztsancrvh.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000912384 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-NVJQ3.tmp\h30fmhxoumk.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000715776 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-5OE6I.tmp\mrc0iwvam3v.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000715776 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-QM1SU.tmp\bvg11mj0c3u.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000715776 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-FN6B1.tmp\zdgo4l41njz.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000715776 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-UPPO2.tmp\kozh4kytzzz.tmp
2018-07-18 16:49 - 2018-07-11 07:28 - 102649432 _____ () C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera_browser.dll
2018-07-18 16:49 - 2018-07-11 07:28 - 004613208 _____ () C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\libglesv2.dll
2018-07-18 16:49 - 2018-07-11 07:28 - 000100440 _____ () C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\libegl.dll
2018-08-28 21:37 - 2018-08-28 21:37 - 000718848 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-GM75R.tmp\panlp3sg4qe.tmp
2018-08-28 21:37 - 2018-08-28 21:37 - 000718848 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-8N7LN.tmp\0kurt4hi2ev.tmp
2018-08-28 21:35 - 2018-08-28 21:35 - 003824385 _____ () C:\WINDOWS\Temp\JZkOEbITvPfCrZRe\IftgWgCbV.exe
2012-08-23 08:26 - 2012-08-23 08:26 - 000465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 000155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 001081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 000727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 000045568 _____ () C:\Program Files\Activ Software\ActivRelay\QtServices.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 000920576 _____ () C:\Program Files\Activ Software\ActivRelay\activsystem2.dll
2017-06-13 15:23 - 2017-06-13 15:23 - 000318976 _____ () C:\Program Files\Activ Software\ActivRelay\classflowclient.dll
2015-01-28 16:50 - 2015-01-28 16:50 - 000107520 _____ () C:\Program Files\Activ Software\ActivRelay\zlib1.dll
2017-06-13 15:27 - 2017-06-13 15:27 - 000249856 _____ () C:\WINDOWS\libactivboardex.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 16:14 - 2017-09-22 16:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 16:16 - 2017-09-22 16:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-07-11 11:23 - 2018-07-11 11:23 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 13:35 - 2017-09-26 13:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 13:34 - 2017-09-26 13:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2017-09-28 18:21 - 2017-09-28 18:21 - 000277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2018-08-28 21:36 - 2018-08-28 21:36 - 000024240 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-K0PNP.tmp\_isetup\_isdecmp.dll
2018-08-28 21:36 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-K0PNP.tmp\itdownload.dll
2018-08-28 21:36 - 2018-08-28 21:36 - 000024240 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-B78E9.tmp\_isetup\_isdecmp.dll
2018-08-28 21:36 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-B78E9.tmp\itdownload.dll
2018-08-28 21:36 - 2018-08-28 21:36 - 000024240 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-B78E8.tmp\_isetup\_isdecmp.dll
2018-08-28 21:36 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-B78E8.tmp\itdownload.dll
2018-08-28 21:37 - 2018-08-28 21:37 - 000024240 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-9DEMN.tmp\_isetup\_isdecmp.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-9DEMN.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-5ARUK.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-MOVK4.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-PCSDL.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-HLB4T.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-D44MT.tmp\itdownload.dll
2018-08-28 21:37 - 2008-10-15 17:44 - 000205312 _____ () C:\Users\fidrmucova\AppData\Local\Temp\is-4UDKV.tmp\itdownload.dll
2012-09-08 16:48 - 2012-06-25 19:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ActivManager"
HKLM\...\StartupApproved\Run: => "ActivRelayKA"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "BakupManagerTray"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\StartupFolder: => "Shortcut to Primary output from Start (Active).lnk"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "IHRWCHPRGTZWKWW"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "T60R8H16MY4QYJO"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "7920410"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "JBBJ1LS9FZ0QFZQ"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "07S83RATFBJVAPH"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "6LZXILL34JYHYB4"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "WHC9WTQ779XAD8Y"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "YK3W6YL7YFAD6W6"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9621FDAD-C545-47DD-A334-9905968C100D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C9C128A-FB3A-4DA0-A3F2-FC6F8527E502}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EA89E0A1-A02F-492D-BE13-C9F627B2CB19}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5502F9F3-458F-4669-AC17-ABF6EFB7ED68}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{9B45EBAA-70BF-4447-80B3-A04CD8A4DCFB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{20870211-3D43-45C5-9687-FFE25D6D9E65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DB8E758E-072D-41AE-A765-9B396702BAED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3E051742-1161-43F0-91AC-C1648DF97680}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{34468BDB-C851-4915-B362-889C98AAE62D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{9D3A7C34-48F1-4DFB-9087-B9B2BB23A03E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{8FE62C7F-63ED-445F-8BF4-28F050BFCA96}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{2EC4A8E5-207F-4EC1-9D31-6DB0E018AB99}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{4E25FB68-8315-419A-8C8F-40F6A5FFB16E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{D971CCCB-0A96-4178-9A43-049879A1E841}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{F5377687-F387-4E77-8AD5-0DA395239578}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{2A67F02C-B64D-4827-A2D7-B44A31EB9BD6}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{154D5966-F663-453C-BED9-1A28E045DD2E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{3FD46260-14B0-4D4D-8DF1-F65CD4825160}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{9CCD9620-212D-4686-8E54-63AF14927465}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{B83F2E07-A31B-4407-88DA-195E469AF702}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{F370B067-6430-4D0D-8AC8-4F4DC06FA168}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{302A503B-5D3E-4CF5-AD94-1FF4FACC3D04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35A75A2E-562E-4FAC-AF13-0704131A8FE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E5F142BA-3598-4DA3-A973-6AC4A68DCF44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B12D70AA-1D9B-4C16-BC99-2D5ABDA07D67}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{33BFAAC8-E4F6-4B7D-95E0-D24A9EB02D93}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CD6BAE9A-BB9D-41A4-B759-D4BB784D05DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{035E2953-3996-4117-A0DA-E74640F96627}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{C29D9FC1-058C-4805-940E-636A23110DFA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CBE05461-C17A-4885-9A6C-42414921237D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{02BC8712-07AA-4213-AAB9-D157C0730544}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [UDP Query User{D04B13D2-C1F0-4172-9FCF-11E720CE000E}C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1D435E75-6ADD-457C-AC09-0D38032696A8}C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{686F6810-3EE6-4DE8-A966-3824652A6A7D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{4D211644-52DE-4B61-99A1-6263E6D00570}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{E82CAC18-872F-42EB-8783-E55F1BB9DB71}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{C566453B-61A6-458F-B64F-C4202DA4DDB1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{DC82C64F-0F17-4BC5-8290-B65D5338B358}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{02C1D091-42B2-4D0D-89E5-438FFC24A9D2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4759DD16-AB61-407A-BF5E-D19A03361E3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CA823D61-D858-4415-B6F8-6FE8106DBB3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{0DF66841-C566-4CEF-80EE-9467C0D6DF47}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{091FE955-2135-46ED-8730-89C5D6315071}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{C43A6F56-6C90-4A65-8FFF-278AFC7A3834}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D9D93068-CE4A-4A1E-BF79-FEA1E285E628}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{58839B70-D5C3-4624-9B75-705FB9F6490D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B2341F9E-0B25-40FB-88F5-D6EFFC019CA8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{6DFCCA07-3752-40EB-9A27-D3B59A00D7F2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9BD497CA-5EC0-4069-87EC-5CED7438C6F7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{E2A83288-96DE-4471-9B2C-3168645C6537}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{85A2A8F4-0671-4710-9B7F-F3BDA1B2B02E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9DB892-2C32-4F40-B7E0-B772C21B4940}] => (Allow) C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{93BC8C2E-3145-4A56-B9F3-7170821570DF}] => (Allow) C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FC08FA20-6AE4-4492-8B25-A7D35568DB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F277318E-BAF6-468C-9F58-6D6957EEEFB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1D69815-38A4-4021-A724-5B716B3D605B}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE
FirewallRules: [{FB4B5DB8-4A65-48FE-BCA4-F5F445974D3C}] => (Allow) C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
FirewallRules: [{1FF6937F-5882-4EDC-9BD1-2EC50383E252}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{082CFB82-EDED-4A1C-A3C0-E7E4CDAF9D46}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{057F6A25-165A-479B-91B9-ECD4DBF3BFCE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{6E9024B1-1427-4F4E-86AE-282391030E3A}] => (Allow) C:\Program Files\SystemNanoPacks\Nano Service Pack\nsrv.exe
FirewallRules: [{74EA8AAD-69DE-4393-9B7B-1BD8023A8959}] => (Allow) C:\Program Files\SystemNanoPacks\Nano Service Pack\BaseNanoServicePackUpdater.exe

==================== Restore Points =========================

13-07-2018 19:42:56 Windows Update
18-07-2018 15:13:24 Removed NativeDesktopMediaService

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2018 09:41:17 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x1

Error: (08/28/2018 09:24:21 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x1

Error: (08/28/2018 09:19:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 768: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně ukončeno vzdáleným hostitelem.)

Error: (08/25/2018 11:46:53 PM) (Source: Wlclntfy) (EventID: 4005) (User: )
Description: Proces přihlášení do systému Windows byl neočekávaně ukončen.

Error: (08/25/2018 10:34:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: nsrv.exe, verze: 0.0.0.0, časové razítko: 0x5b796238
Název chybujícího modulu: nsrv.exe, verze: 0.0.0.0, časové razítko: 0x5b796238
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000004ca00
ID chybujícího procesu: 0x1308
Čas spuštění chybující aplikace: 0x01d43cb10ff3325d
Cesta k chybující aplikaci: C:\Program Files\SystemNanoPacks\Nano Service Pack\nsrv.exe
Cesta k chybujícímu modulu: C:\Program Files\SystemNanoPacks\Nano Service Pack\nsrv.exe
ID zprávy: cccf7149-41b5-471c-82d1-d9d301e96756
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/25/2018 09:32:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (600,R,98) WebCacheLocal: Při otevírání souboru protokolu C:\Users\fidrmucova\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (08/25/2018 09:32:12 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (600,R,98) WebCacheLocal: Pokus o otevření souboru C:\Users\fidrmucova\AppData\Local\Microsoft\Windows\WebCache\V01.log pro čtení nebo zápis selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (08/25/2018 09:31:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (600,R,98) WebCacheLocal: Při otevírání souboru protokolu C:\Users\fidrmucova\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (08/28/2018 09:38:31 PM) (Source: DCOM) (EventID: 10016) (User: druhatrida)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli druhatrida\fidrmucova (SID: S-1-5-21-1675228566-3109809821-3512086675-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:38:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (08/28/2018 09:37:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:37:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:37:59 PM) (Source: DCOM) (EventID: 10016) (User: druhatrida)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli druhatrida\fidrmucova (SID: S-1-5-21-1675228566-3109809821-3512086675-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:37:38 PM) (Source: DCOM) (EventID: 10016) (User: druhatrida)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli druhatrida\fidrmucova (SID: S-1-5-21-1675228566-3109809821-3512086675-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:34:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/28/2018 09:34:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba ellfService neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
===================================
Date: 2018-08-28 21:41:56.291
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\FIDRMU~1\AppData\Local\Temp\is-DUS83.tmp\zrgvbv.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: druhatrida\fidrmucova
Název procesu: C:\Users\FIDRMU~1\AppData\Local\Temp\is-KL800.tmp\data.tmp
Verze podpisu: AV: 1.271.1178.0, AS: 1.271.1178.0, NIS: 1.271.1178.0
Verze modulu: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-08-28 21:38:28.977
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\FIDRMU~1\AppData\Local\Temp\is-DUS83.tmp\zrgvbv.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: druhatrida\fidrmucova
Název procesu: C:\Users\FIDRMU~1\AppData\Local\Temp\is-KL800.tmp\data.tmp
Verze podpisu: AV: 1.271.1178.0, AS: 1.271.1178.0, NIS: 1.271.1178.0
Verze modulu: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-08-28 21:38:01.826
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\fidrmucova\AppData\Local\Temp\is-8EP23.tmp\zrgvbv.dll;file:_C:\Users\FIDRMU~1\AppData\Local\Temp\is-8EP23.tmp\zrgvbv.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: druhatrida\fidrmucova
Název procesu: C:\Users\FIDRMU~1\AppData\Local\Temp\is-62A1F.tmp\FastDataX.tmp
Verze podpisu: AV: 1.271.1178.0, AS: 1.271.1178.0, NIS: 1.271.1178.0
Verze modulu: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-08-28 21:37:47.596
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\FIDRMU~1\AppData\Local\Temp\is-8EP23.tmp\zrgvbv.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: druhatrida\fidrmucova
Název procesu: C:\Users\FIDRMU~1\AppData\Local\Temp\is-62A1F.tmp\FastDataX.tmp
Verze podpisu: AV: 1.271.1178.0, AS: 1.271.1178.0, NIS: 1.271.1178.0
Verze modulu: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-08-25 22:44:16.153
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:HTML/Brocoiner!rfn
ID: 2147724297
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\fidrmucova\AppData\Local\Opera Software\Opera Stable\Cache\f_000321
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: druhatrida\fidrmucova
Název procesu: C:\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe
Verze podpisu: AV: 1.271.1178.0, AS: 1.271.1178.0, NIS: 1.271.1178.0
Verze modulu: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-08-28 21:43:29.397
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

Date: 2018-08-28 21:43:29.392
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

Date: 2018-08-28 21:23:31.169
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80080005
Popis chyby :Provádění serveru selhalo

Date: 2018-08-25 20:46:20.279
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2018-08-25 20:46:20.279
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-07-18 16:12:27.870
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.863
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.854
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.839
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.495
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.408
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-17 16:11:57.915
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 3909.28 MB
Available physical RAM: 1236.14 MB
Total Virtual: 5381.28 MB
Available Virtual: 1899.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:678.38 GB) (Free:555.15 GB) NTFS

\\?\Volume{7b5bc0ce-38d5-46ac-af58-fe004b81229a}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6265e184-58be-4b97-bac6-af3b694bcd35}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{cbded148-1ab8-4c7e-a924-43dd8fb11fec}\ (Push Button Reset) (Fixed) (Total:18.64 GB) (Free:2.29 GB) NTFS
\\?\Volume{a9ab955c-b93b-4531-b897-89c791f545d5}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 010F989E)

Partition: GPT.

==================== End of Addition.txt ============================

[sLim01]

Delal jsem jeste scan a cisteni v AdwCleaner. Prikladam log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-28-2018
# Duration: 00:02:23
# OS: Windows 10 Home
# Cleaned: 146
# Failed: 0


***** [ Services ] *****

Deleted CRMSvc
Deleted NativeDesktopMediaService
Deleted Nettrans
Deleted backlh
Deleted BackupStack
Deleted Voyasollam
Deleted MicroService

***** [ Folders ] *****

Deleted C:\Users\fidrmucova\AppData\Local\XService
Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\fidrmucova\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files (x86)\ggyoEsstymMAtvJtmyR
Deleted C:\Program Files (x86)\yaolwXGxxrAU2
Deleted C:\Program Files (x86)\CJkSCRmZU
Deleted C:\Program Files (x86)\zfLNassuzpDxC
Deleted C:\ProgramData\Voyasollam
Deleted C:\ProgramData\C8EC222C-7F35-1
Deleted C:\ProgramData\C8EC222C-4115-0
Deleted C:\ProgramData\915EB6DE-7473-1
Deleted C:\ProgramData\915EB6DE-7045-0
Deleted C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
Deleted C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\ProgramData\Jetmedia
Deleted C:\Users\fidrmucova\AppData\Roaming\Jetmedia
Deleted C:\ProgramData\torchcrashhandler
Deleted C:\Users\fidrmucova\AppData\Local\torch
Deleted C:\Program Files (x86)\MyPC Backup
Deleted C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Deleted C:\ProgramData\PrefsSecure
Deleted C:\ProgramData\Solvusoft
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
Deleted C:\Program Files (x86)\Solvusoft
Deleted C:\Users\fidrmucova\AppData\Roaming\Solvusoft
Deleted C:\ProgramData\BSD\DriverHive
Deleted C:\Users\fidrmucova\AppData\Local\WhiteClick

***** [ Files ] *****

Deleted C:\Users\fidrmucova\appdata\local\installationconfiguration.xml
Deleted C:\Users\fidrmucova\Desktop\Youtube.lnk
Deleted C:\Users\fidrmucova\AppData\Local\Main.dat
Deleted C:\Windows\System32\drivers\powzip.sys
Deleted C:\Users\fidrmucova\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
Deleted C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Deleted C:\Users\fidrmucova\Desktop\Torch.lnk
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\dqUvxAMLDajqkAKky2
Deleted C:\Windows\System32\Tasks\MgpeKOGXlCeKqpkYxSV2
Deleted C:\Windows\System32\Tasks\PPejCupzujabRKM2
Deleted C:\Windows\System32\Tasks\heCowIfQqSuzYJ
Deleted C:\Windows\Tasks\BKUEKBOGERHRQCCSBTG.JOB
Deleted C:\Windows\System32\Tasks\BKUEKBOGERHRQCCSBTG
Deleted C:\Windows\System32\Tasks\snp
Deleted C:\Windows\System32\Tasks\LaunchSignup
Deleted C:\Windows\System32\Tasks\AppLoaderPM

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE
Deleted HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE
Deleted HKLM\Software\Wow6432Node\mtVoyasollam
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F3FB05E-A29F-470C-B587-9AB07C98A92F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dqUvxAMLDajqkAKky2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64C704B1-FA2F-4DEF-B9D3-E4A925F4A857}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MgpeKOGXlCeKqpkYxSV2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4E03EAF-1507-4607-814C-AD5378848941}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPejCupzujabRKM2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F2995A-D78C-4D7C-86BA-9A56E72A7029}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F2995A-D78C-4D7C-86BA-9A56E72A7029}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\heCowIfQqSuzYJ
Deleted HKLM\Software\Wow6432Node\Trymedia Systems
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8A730EF-A571-4F68-B323-42AE4DC9B2BE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8A730EF-A571-4F68-B323-42AE4DC9B2BE}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bkuEkbOgeRHrqccSbtG
Deleted HKCU\Software\BSD
Deleted HKLM\Software\Wow6432Node\BSD
Deleted HKCU\Software\DataMngr
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\csastats
Deleted HKCU\Software\InstallCore
Deleted HKLM\Software\Wow6432Node\Jetmedia
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Deleted HKCU\Software\torch
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0570A0D4430B8FD479ED621F12A22CFF
Deleted HKLM\Software\Classes\Installer\Products\0570A0D4430B8FD479ED621F12A22CFF
Deleted HKLM\Software\Classes\Installer\Features\0570A0D4430B8FD479ED621F12A22CFF
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C922B3D0-C99F-4441-A685-DE89514EFF29}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C922B3D0-C99F-4441-A685-DE89514EFF29}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFBD8E91-0E38-4C22-A11C-30C5F11C7FE0}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBD8E91-0E38-4C22-A11C-30C5F11C7FE0}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup
Deleted HKCU\Software\One System Care
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8650E845-BD3E-490D-8746-F6A62C78581F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8650E845-BD3E-490D-8746-F6A62C78581F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppLoaderPM
Deleted HKCU\Environment|SNP
Deleted HKCU\Environment|SNF
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DriverDoc
Deleted HKCU\Software\Solvusoft
Deleted HKLM\Software\Wow6432Node\Solvusoft
Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
Deleted HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F68A383838FDA624C93EEC49F5C822A9
Deleted HKLM\SOFTWARE\Classes\Record\{8ADD5A2B-AA13-383A-97F7-051C1C51A921}
Deleted HKLM\SOFTWARE\Classes\Record\{7083B570-8C01-3ACC-B79E-2E48303C37F6}
Deleted HKLM\SOFTWARE\Classes\Record\{41E0A929-4F83-38B0-9AFC-45A1734A86C8}
Deleted HKLM\SOFTWARE\Classes\Record\{18468F26-AC7F-3145-B67B-0CAD5EA40070}
Deleted HKLM\SOFTWARE\Classes\Record\{8DE86826-8BCE-32F9-868B-41A03C9ED45F}
Deleted HKLM\SOFTWARE\Classes\Record\{80A78203-3F18-3480-8639-C8969135C5BD}
Deleted HKLM\SOFTWARE\Classes\Record\{CA6F8130-AAB8-3561-88E3-B60193C22B14}
Deleted HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
Deleted HKLM\Software\Classes\CLSID\{44CB13F1-7D39-3519-958E-C7F88D27E4F5}
Deleted HKLM\Software\Classes\CLSID\{27C942C5-C8BC-3CA5-AE2E-991157272004}
Deleted HKLM\Software\Classes\CLSID\{616B5130-44B2-3A0B-A4D3-483417633159}
Deleted HKLM\Software\Classes\CLSID\{9EBCA256-0416-39AD-889D-824BD3171B53}
Deleted HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
Deleted HKLM\Software\Classes\MailSearch.MailSearchBandObject
Deleted HKLM\Software\Classes\MailSearch.Installer
Deleted HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute
Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{2C6A44CB-AD42-4731-A544-3FBD3D83AB5B}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [14675 octets] - [28/08/2018 21:29:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

Zdravím!
Pokud byl log FRST sejmut ještě před čištěním ADW, dejte nový.

[sLim01]

Diky za reakci.
Byl proveden az po AdwCleaneru.

[Rudy]

OK. Jelikož je v PC svinstva více, než dost (hlavně trojáci), udělejte sken MBAM: http://www.malwarebytes.org/mbam.php. Po skenu smažte vše, co najde a pak dejte nový log FRST.

[sLim01]

Dekuji, je to o dost lepsi.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by fidrmucova (administrator) on DRUHATRIDA (29-08-2018 19:11:23)
Running from C:\Users\fidrmucova\Desktop
Loaded Profiles: fidrmucova (Available Profiles: fidrmucova)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files\Activ Software\ActivRelay\activRelay.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Promethean) C:\Program Files\Activ Software\ActivDriver\activcontrolsvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [ActivManager] => C:\Program Files\Activ Software\ActivDriver\activmgr.exe [1171456 2017-06-13] ()
HKLM\...\Run: [ActivRelayKA] => C:\Program Files\Activ Software\ActivRelay\activrelay_ka.exe [944128 2017-06-13] ()
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-23] (NTI Corporation)
HKLM-x32\...\Run: [OfficeSubscriptionAgent] => C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe [932160 2011-11-16] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2017-09-28] ()
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2437920 2017-10-02] (Acer)
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [World of Warships] => "C:\Games\World_of_Warships\WargamingGameUpdater.exe"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-08]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{50e0a268-02f4-4367-926b-4ae6585d1361}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{dfae735e-3e64-4567-9493-d47b56b073fa}: [DhcpNameServer] 46.33.112.42 46.33.96.2

Internet Explorer:
==================
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search-cdn.net/?e=g&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001 -> {DDDB7A32-319B-436E-9345-93884AAE5040} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-25] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-25] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2018-08-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2018-08-25] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/?e=g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=ch ... earchTerms}
CHR Profile: C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default [2018-08-29]
CHR Extension: (Prezentace) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-25]
CHR Extension: (Dokumenty) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-25]
CHR Extension: (Disk Google) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-25]
CHR Extension: (YouTube) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-25]
CHR Extension: (Tabulky) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (Gmail) - C:\Users\fidrmucova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-25]

Opera:
=======
OPR Extension: (Google Slides Offline) - C:\Users\fidrmucova\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbioifkimlbfbeeelbkpkjhoelebkeoh [2018-08-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActivControl; C:\Program Files\Activ Software\ActivDriver\activcontrolsvc.exe [18432 2017-06-13] (Promethean) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2278688 2017-09-26] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 osubsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe [493384 2011-11-16] (Microsoft Corporation)
R2 Promethean ActivRelay; C:\Program Files\Activ Software\ActivRelay\activRelay.exe [1101824 2017-06-13] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-08] (Dritek System INC.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508056 2017-10-24] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-08-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-08-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52848 2018-08-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-08-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [109872 2018-08-29] (Malwarebytes)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-08] (Dritek System Inc.)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-29 19:11 - 2018-08-29 19:12 - 000018632 _____ C:\Users\fidrmucova\Desktop\FRST.txt
2018-08-29 17:46 - 2018-08-29 17:46 - 000000000 ____D C:\Users\fidrmucova\AppData\Local\mbam
2018-08-29 17:43 - 2018-08-29 18:51 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-08-29 17:43 - 2018-08-29 18:51 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-08-29 17:43 - 2018-08-29 18:51 - 000052848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-08-29 17:43 - 2018-08-29 17:43 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-29 17:43 - 2018-08-29 17:43 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-08-29 17:42 - 2018-08-29 17:42 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-08-29 17:42 - 2018-08-29 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-29 17:42 - 2018-08-29 17:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-29 17:42 - 2018-08-29 17:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-29 17:42 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-29 17:39 - 2018-08-29 17:41 - 082252504 _____ (Malwarebytes ) C:\Users\fidrmucova\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6521.exe
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\YDHJZflmU
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\QglbfRTiMpmU2
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\OPVdSgDQkfYyIdXmgQR
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\fqNcwRkZsIE
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\DByTOvidzZUn
2018-08-29 17:28 - 2018-08-29 18:45 - 000000000 ____D C:\Program Files (x86)\BYNMHypwGvCnC
2018-08-29 17:28 - 2018-08-29 17:28 - 000000000 ____D C:\ProgramData\ChNJyeASgmTmzaVB
2018-08-28 21:43 - 2018-08-29 19:11 - 000000000 ____D C:\FRST
2018-08-28 21:42 - 2018-08-28 21:42 - 002413056 _____ (Farbar) C:\Users\fidrmucova\Desktop\FRST64.exe
2018-08-28 21:39 - 2018-08-28 21:39 - 000012222 _____ C:\Users\fidrmucova\Desktop\AdwCleaner[C00].txt
2018-08-28 21:37 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0
2018-08-28 21:37 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\RKBTXHCAHG
2018-08-28 21:22 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1
2018-08-28 21:22 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\RXJUAEX2EX
2018-08-25 23:35 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj
2018-08-25 23:35 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\ZCKJPK90R6
2018-08-25 22:49 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3
2018-08-25 22:49 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\ZXIBFS92HI
2018-08-25 22:37 - 2018-08-25 22:37 - 007649280 _____ C:\Program Files (x86)\GUTC55F.tmp
2018-08-25 22:37 - 2018-08-25 22:37 - 000000000 ____D C:\Program Files (x86)\GUMC51F.tmp
2018-08-25 22:04 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx
2018-08-25 22:04 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\K4K4F3L5CS
2018-08-25 21:20 - 2018-08-25 21:20 - 000003714 _____ C:\Program Files\Common Files\AppLoaderPM.xml
2018-08-25 21:19 - 2018-08-29 18:50 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0
2018-08-25 21:19 - 2018-08-29 18:50 - 000000000 ____D C:\Program Files\ZOSLLM1N9S
2018-08-25 21:18 - 2018-08-28 21:29 - 000000000 ____D C:\AdwCleaner
2018-08-25 21:03 - 2018-08-25 21:06 - 007417040 _____ (Malwarebytes) C:\Users\fidrmucova\Downloads\adwcleaner_7.2.2.exe
2018-08-25 20:57 - 2018-08-25 20:57 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-08-25 20:57 - 2018-08-25 20:57 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-08-25 20:57 - 2018-08-25 20:57 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000002340 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-25 20:57 - 2018-08-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-25 20:57 - 2018-08-25 20:57 - 000000000 ____D C:\Program Files\CCleaner
2018-08-25 20:55 - 2018-08-28 21:17 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-08-25 20:55 - 2018-08-28 21:17 - 000000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-08-25 20:55 - 2018-08-25 20:55 - 000004040 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-25 20:55 - 2018-08-25 20:55 - 000003808 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-25 20:54 - 2018-08-25 20:54 - 015989160 _____ (Piriform Ltd) C:\Users\fidrmucova\Downloads\ccsetup544.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-29 19:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-29 19:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-08-29 19:10 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-29 19:09 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-29 19:09 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-29 18:53 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-29 18:52 - 2018-07-11 11:14 - 000412968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-29 18:50 - 2018-07-18 16:37 - 000000000 ____D C:\Program Files\RCHGOFT8UH
2018-08-29 18:50 - 2018-07-18 15:52 - 000000000 ____D C:\Program Files\RENYK9R2FV
2018-08-29 18:50 - 2018-07-11 11:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-29 18:49 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-29 18:45 - 2018-07-18 15:03 - 000000000 ____D C:\Program Files\IG6NL377YR
2018-08-29 18:45 - 2018-07-17 16:36 - 000000000 ____D C:\Program Files\E5EYHMTIUX
2018-08-29 18:45 - 2018-07-17 16:09 - 000000000 ____D C:\Program Files\QEPFLZ9XKT
2018-08-29 18:45 - 2018-07-14 04:40 - 000000000 ____D C:\Program Files\8N27S0A98J
2018-08-29 18:45 - 2018-07-14 03:55 - 000000000 ____D C:\Program Files\CNDSY2HKR5
2018-08-29 18:45 - 2018-07-14 03:10 - 000000000 ____D C:\Program Files\SUNK974A8S
2018-08-29 18:45 - 2018-07-14 02:25 - 000000000 ____D C:\Program Files\3XGVQYR3C8
2018-08-29 18:40 - 2018-07-18 15:03 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\l35rdrgjmdz
2018-08-29 18:36 - 2018-07-11 11:48 - 000004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F772F367-2432-42A1-99A5-6ECD42D2DACB}
2018-08-29 17:41 - 2018-07-13 18:55 - 000000000 ____D C:\ProgramData\Packages
2018-08-29 17:35 - 2013-09-03 23:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-29 17:35 - 2013-01-16 23:17 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-29 17:28 - 2018-07-18 16:37 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml
2018-08-29 17:28 - 2018-07-17 16:09 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a
2018-08-29 17:27 - 2018-07-18 15:52 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h
2018-08-29 17:27 - 2018-07-17 16:36 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq
2018-08-28 21:55 - 2018-03-01 16:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-08-28 21:32 - 2018-07-11 11:21 - 000000000 ____D C:\Users\fidrmucova
2018-08-28 21:29 - 2017-09-04 10:14 - 000000000 ____D C:\ProgramData\BSD
2018-08-28 21:27 - 2012-09-08 17:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-28 21:17 - 2018-07-11 11:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-25 23:44 - 2015-08-08 15:23 - 000000000 ____D C:\Users\fidrmucova\AppData\Roaming\uTorrent
2018-08-25 21:37 - 2018-07-10 14:46 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-25 21:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-25 21:36 - 2014-01-20 15:46 - 000000000 ____D C:\Users\fidrmucova\AppData\Local\CrashDumps
2018-08-25 21:15 - 2018-07-14 02:26 - 000000270 __RSH C:\ProgramData\ntuser.pol
2018-08-25 20:57 - 2013-01-22 22:52 - 000000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2018-08-25 22:37 - 2018-08-25 22:37 - 007649280 _____ () C:\Program Files (x86)\GUTC55F.tmp
2018-08-25 21:20 - 2018-08-25 21:20 - 000003714 _____ () C:\Program Files\Common Files\AppLoaderPM.xml
2018-07-14 02:25 - 2018-07-14 02:25 - 000140800 _____ () C:\Users\fidrmucova\AppData\Local\installer.dat

Some files in TEMP:
====================
2018-08-25 23:46 - 2018-08-25 23:47 - 002608128 _____ (Opera Software) C:\Users\fidrmucova\AppData\Local\Temp\Opera_installer_18082521462352312372.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-11 11:14

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by fidrmucova (29-08-2018 19:13:17)
Running from C:\Users\fidrmucova\Desktop
Windows 10 Home Version 1803 17134.165 (X64) (2018-07-11 09:50:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1675228566-3109809821-3512086675-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1675228566-3109809821-3512086675-503 - Limited - Disabled)
fidrmucova (S-1-5-21-1675228566-3109809821-3512086675-1001 - Administrator - Enabled) => C:\Users\fidrmucova
Guest (S-1-5-21-1675228566-3109809821-3512086675-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1675228566-3109809821-3512086675-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2002 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2003.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
ActivDriver (HKLM\...\{5A6DF759-5992-4809-8456-A6256CB40874}) (Version: 5.16.7.0 - Promethean Ltd) Hidden
ActivDriver (HKLM-x32\...\{edbf0bd6-6823-4e8a-8562-bec8b84528a5}) (Version: 5.16.7.0 - Promethean Ltd)
Active WebCam (HKLM-x32\...\Active WebCam) (Version: - )
ActivInspire Core Resources (CZE) v1 (HKLM-x32\...\{A8F3E8B6-D34A-4FB1-BF02-3211F24599C5}) (Version: 1.5.2 - Promethean)
ActivInspire Help (CZE) v1 (HKLM-x32\...\{915770D3-B34B-4135-9B36-1CA6CC45F316}) (Version: 1.5.2 - Promethean)
ActivInspire HWR Resources (CZE) v1 (HKLM-x32\...\{60104019-8CEF-440A-88B3-737F48ECF6FD}) (Version: 1.5.2 - Promethean)
ActivInspire v1 (HKLM-x32\...\{FAC83A5C-8BC9-4EE0-A27E-4CC684B1EDF5}) (Version: 1.5.34144 - Promethean)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.25.2001.0 - Acer Incorporated)
B&L Angličtina pro děti - školní verze (HKLM-x32\...\B&L Angličtina pro děti - školní verze) (Version: - )
B&L Angličtina pro nejmenší (instalace na disk) (HKLM-x32\...\B&L Angličtina pro nejmenší (instalace na disk)) (Version: - )
Backup Manager v4 (HKLM-x32\...\{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.1910 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Český jazyk 6 (instalace na disk) (HKLM-x32\...\Český jazyk 6 (instalace na disk)) (Version: - )
Český jazyk, pravopis hrou (HKLM-x32\...\Český jazyk, pravopis hrou) (Version: - )
ČŠI testování (HKLM-x32\...\{3FE6C185-44D9-4F19-B32B-13436B712354}) (Version: 4.4.2 - ČŠI - itelligence, a.s.)
Dětský koutek 5 (minimální instalace) (HKLM-x32\...\Dětský koutek 5 (minimální instalace)) (Version: - )
Dětský koutek 5 (plná instalace) (HKLM-x32\...\Dětský koutek 5 (plná instalace)) (Version: - )
Didakta - Angličtina 1 (HKLM-x32\...\Didakta - Angličtina 1_is1) (Version: - )
Dropbox (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Dyslexie II verze 1.0 (HKLM-x32\...\{112F5372-0A25-4F98-843D-45490E5A8021}_is1) (Version: 1.0 - Eurodidact)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Endpoint Antivirus (HKLM\...\{0165402B-C509-49BA-ACC1-2EDB9BB3C493}) (Version: 6.1.2222.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
KOUZELNÁ MATEMATIKA (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\KOUZELNÁ MATEMATIKA) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8103 - Acer Incorporated)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.10325.20118 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSSUB) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Online Services Logonassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
Nano Service Pack (HKLM\...\{698AC878-6359-4253-A72A-64A2DE9AB864}) (Version: 6.2.5 - SystemNanoPacks) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NativeDesktopMediaService (HKLM\...\{74182FA1-3662-46EA-97AE-AF304171584C}) (Version: 2.3.0 - Jetmedia) <==== ATTENTION
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
One System Care (HKLM-x32\...\OneSystemCare_is1) (Version: 4.4.0.3 - One System Care) <==== ATTENTION
Opera Stable 54.0.2952.54 (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\Opera 54.0.2952.54) (Version: 54.0.2952.54 - Opera Software)
Poznáváme minulost 1 - PRAVĚK (doporučená instalace) (HKLM-x32\...\Poznáváme minulost 1 - PRAVĚK (doporučená instalace)) (Version: - )
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Roblox Player for fidrmucova (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Roblox Studio for fidrmucova (HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-011D-0000-0000-0000000FF1CE}_Office14.PROPLUSSUB_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA Start CZ (HKLM-x32\...\{C7F86EE3-34D4-4195-82F2-2412218CF67E}) (Version: 10600.130 - STORMWARE)
TS Angličtina 1 (plná instalace) (HKLM-x32\...\TS Angličtina 1 (plná instalace)) (Version: - )
TS Angličtina hrou 1 (doporučená instalace) (HKLM-x32\...\TS Angličtina hrou 1 (doporučená instalace)) (Version: - )
TS Angličtina hrou 2 (doporučená instalace) (HKLM-x32\...\TS Angličtina hrou 2 (doporučená instalace)) (Version: - )
TS Český jazyk - Vyjmenovaná slova (instalace na disk) (HKLM-x32\...\TS Český jazyk - Vyjmenovaná slova (instalace na disk)) (Version: - )
TS Český jazyk hrou 1 (instalace na disk) (HKLM-x32\...\TS Český jazyk hrou 1 (instalace na disk)) (Version: - )
TS Diktáty (plná instalace) (HKLM-x32\...\TS Diktáty (plná instalace)) (Version: - )
TS Matematika 1 - Logické úkoly (doporučená instalace) (HKLM-x32\...\TS Matematika 1 - Logické úkoly (doporučená instalace)) (Version: - )
TS Přírodověda 1 (instalace na disk) (HKLM-x32\...\TS Přírodověda 1 (instalace na disk)) (Version: - )
TS Přírodověda 2 (instalace na disk) (HKLM-x32\...\TS Přírodověda 2 (instalace na disk)) (Version: - )
TS Přírodověda 3 (instalace na disk) (HKLM-x32\...\TS Přírodověda 3 (instalace na disk)) (Version: - )
TS Přírodověda 4 (instalace na disk) (HKLM-x32\...\TS Přírodověda 4 (instalace na disk)) (Version: - )
TS Přírodověda 5 (instalace na disk) (HKLM-x32\...\TS Přírodověda 5 (instalace na disk)) (Version: - )
TS Přírodověda 6 (instalace na disk) (HKLM-x32\...\TS Přírodověda 6 (instalace na disk)) (Version: - )
TS Slovní úlohy a matematické hry 2 (instalace na disk) (HKLM-x32\...\TS Slovní úlohy a matematické hry 2 (instalace na disk)) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Živá Abeceda verze 2.25 (HKLM-x32\...\{6AD23362-5DEF-4CCB-AC07-DC2D8A355C72}_is1) (Version: 2.25 - Nakladatelství Nová Škola)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675228566-3109809821-3512086675-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2012-07-12] (Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (Egis Technology Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1675228566-3109809821-3512086675-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014FD00A-7C46-4DC0-A845-03B92E74E80D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {0703A3FA-CAA0-41AA-86E7-10D9327F5DAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1824C07C-0ABB-403C-8953-246E3ED15F4E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-28] (Microsoft Corporation)
Task: {1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1B96AEDC-7B24-4043-89CA-9D7D43E2F169} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {1C614661-B9DD-4F21-857F-B9026AF9EC0A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-25] (Microsoft Corporation)
Task: {1DE41006-56FA-420E-B4F0-7C70AC8884F8} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {2B13905F-E747-47F0-B735-1782A7C9C82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36717364-2D18-43C8-BD27-0D1867ED58D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {3F2A6927-3BDC-4B86-B8FB-62FFD8EF2100} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-28] (Microsoft Corporation)
Task: {40871C02-4146-4BDA-8854-F0C1D6A62DA6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {49C4D410-494E-4A73-B318-478783B32AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52199AD5-D156-4740-8C0B-8AA31036DB24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-25] (Microsoft Corporation)
Task: {5228967F-65E5-46E1-AC5A-0C204E797496} - System32\Tasks\Chameleon Folder-fidrmucova => "C:\Program Files (x86)\Chameleon Explorer\ChameleonFolder.exe"
Task: {5C4C6CC2-17E6-466E-96E5-4982C84EB5FA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2017-03-15] ()
Task: {5C9D6325-26AC-427F-B62C-D1EDBCF00CFC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-08-25] (Microsoft Corporation)
Task: {622310B5-58CA-4E64-87C9-3DB781297A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF7E9-AA46-4EE6-8FFA-B99600332EC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6F75A5BF-DD75-4067-BE82-668C3A7A7AD6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {722A9927-EB5D-47E5-A4E3-797E0FC621DE} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2017-10-02] (Acer)
Task: {84E18237-FC7D-4829-9140-38AD29E52603} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2017-09-26] (Acer Incorporated)
Task: {8A4824F7-FDD3-4966-9AB3-A8A0893C0A95} - System32\Tasks\Opera scheduled Autoupdate 1531925403 => C:\Users\fidrmucova\AppData\Local\Programs\Opera\launcher.exe [2018-07-11] (Opera Software)
Task: {8B888213-57C6-4F1F-A06B-749C698FBF26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9BDDD0D5-A761-4A4D-BB43-AD543897B33D} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2017-09-28] ()
Task: {9EC41D81-DA7D-48D4-A474-67FB64845619} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-25] (Microsoft Corporation)
Task: {A0ECA155-F193-43FC-9211-AEBA765F139D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2017-03-15] ()
Task: {A52AEF31-EBFC-4299-AAFA-26AB16442A81} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A58D8253-58F0-4E2C-818B-475676A63CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-28] (Microsoft Corporation)
Task: {A79C36F5-A854-459A-87BD-D62083DA5B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {B12E4960-E4B4-499F-8C50-69633FC680B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B36714BF-802F-4A13-8702-14DC33236DFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {B612FA16-ED60-40CB-A427-7FC1FFC2E37A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B6CAB085-D00A-44D3-960E-ADC9FB68BD87} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {BB2BF8A7-DE46-4CC2-A908-4DE60FA24739} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BCA594BE-5016-4CE9-A49B-28AB4CB61F70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {CBB062D9-B2CE-4F0B-A01A-A1738D367D7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {CE7BD5CD-0A01-46C7-910C-15ADAC7AF73F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-25] (Microsoft Corporation)
Task: {DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {E26CE8E8-4268-462C-8EEA-5286E1474D53} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E364E47D-0815-45AF-B02D-E418CB99A839} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E462E2C5-4701-40BF-8EDE-0946F1D19A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {EE4879AB-04B1-43AF-8265-6560E71976E9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {EF2B5922-88D4-4840-947A-2737F00499AB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-08-25] (Microsoft Corporation)
Task: {F0F935F1-7BC0-45CA-A13E-B3B7D81836B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {FB7B86EC-441C-4581-B795-BE1A6FB33F2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\fidrmucova\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 001101824 _____ () C:\Program Files\Activ Software\ActivRelay\activRelay.exe
2018-08-29 17:42 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-29 17:42 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\office.odf
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 001407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2018-07-13 19:47 - 2018-07-06 08:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-10 15:12 - 2018-07-10 15:15 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 14:40 - 2018-07-17 14:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 14:40 - 2018-07-17 14:41 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-28 18:21 - 2017-09-28 18:21 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-09-28 18:21 - 2017-09-28 18:21 - 000091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2018-06-10 22:01 - 2018-06-10 22:02 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-10 22:01 - 2018-06-10 22:02 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-02 07:03 - 2017-10-02 07:06 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-04-26 20:52 - 2018-04-26 20:55 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-03 10:42 - 2018-04-03 11:02 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-10 22:01 - 2018-06-10 22:02 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-10 22:01 - 2018-06-10 22:02 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 19:31 - 2018-05-30 19:32 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2017-03-15 11:47 - 2017-03-15 11:47 - 004153648 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2018-04-05 07:42 - 2018-04-05 07:42 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
2018-08-29 19:08 - 2018-08-29 19:09 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 000465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 000155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 000052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 001081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 000727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 000045568 _____ () C:\Program Files\Activ Software\ActivRelay\QtServices.dll
2017-06-13 15:25 - 2017-06-13 15:25 - 000920576 _____ () C:\Program Files\Activ Software\ActivRelay\activsystem2.dll
2017-06-13 15:23 - 2017-06-13 15:23 - 000318976 _____ () C:\Program Files\Activ Software\ActivRelay\classflowclient.dll
2015-01-28 16:50 - 2015-01-28 16:50 - 000107520 _____ () C:\Program Files\Activ Software\ActivRelay\zlib1.dll
2017-06-13 15:27 - 2017-06-13 15:27 - 000249856 _____ () C:\WINDOWS\libactivboardex.dll
2012-09-08 16:48 - 2012-06-25 19:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000641312 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2017-09-22 16:14 - 2017-09-22 16:14 - 000202528 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2017-09-22 16:17 - 2017-09-22 16:17 - 000654072 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2017-09-22 16:16 - 2017-09-22 16:16 - 000119072 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2018-07-11 11:23 - 2018-07-11 11:23 - 000015136 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2017-09-26 13:35 - 2017-09-26 13:35 - 000013088 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2017-09-26 13:34 - 2017-09-26 13:34 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2017-10-02 15:56 - 2017-10-02 15:56 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2017-09-28 18:21 - 2017-09-28 18:21 - 000277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\fidrmucova\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ActivManager"
HKLM\...\StartupApproved\Run: => "ActivRelayKA"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "BakupManagerTray"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\StartupFolder: => "Shortcut to Primary output from Start (Active).lnk"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "IHRWCHPRGTZWKWW"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "T60R8H16MY4QYJO"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "JBBJ1LS9FZ0QFZQ"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "07S83RATFBJVAPH"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "6LZXILL34JYHYB4"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "abDocsDllLoader"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "World of Warships"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "WHC9WTQ779XAD8Y"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "YK3W6YL7YFAD6W6"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9621FDAD-C545-47DD-A334-9905968C100D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C9C128A-FB3A-4DA0-A3F2-FC6F8527E502}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EA89E0A1-A02F-492D-BE13-C9F627B2CB19}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5502F9F3-458F-4669-AC17-ABF6EFB7ED68}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{9B45EBAA-70BF-4447-80B3-A04CD8A4DCFB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{20870211-3D43-45C5-9687-FFE25D6D9E65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DB8E758E-072D-41AE-A765-9B396702BAED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3E051742-1161-43F0-91AC-C1648DF97680}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{34468BDB-C851-4915-B362-889C98AAE62D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{9D3A7C34-48F1-4DFB-9087-B9B2BB23A03E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{8FE62C7F-63ED-445F-8BF4-28F050BFCA96}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{2EC4A8E5-207F-4EC1-9D31-6DB0E018AB99}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{4E25FB68-8315-419A-8C8F-40F6A5FFB16E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{D971CCCB-0A96-4178-9A43-049879A1E841}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{F5377687-F387-4E77-8AD5-0DA395239578}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{2A67F02C-B64D-4827-A2D7-B44A31EB9BD6}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{154D5966-F663-453C-BED9-1A28E045DD2E}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{3FD46260-14B0-4D4D-8DF1-F65CD4825160}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{9CCD9620-212D-4686-8E54-63AF14927465}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{B83F2E07-A31B-4407-88DA-195E469AF702}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{F370B067-6430-4D0D-8AC8-4F4DC06FA168}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{302A503B-5D3E-4CF5-AD94-1FF4FACC3D04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35A75A2E-562E-4FAC-AF13-0704131A8FE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E5F142BA-3598-4DA3-A973-6AC4A68DCF44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B12D70AA-1D9B-4C16-BC99-2D5ABDA07D67}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{33BFAAC8-E4F6-4B7D-95E0-D24A9EB02D93}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{CD6BAE9A-BB9D-41A4-B759-D4BB784D05DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{035E2953-3996-4117-A0DA-E74640F96627}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{C29D9FC1-058C-4805-940E-636A23110DFA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CBE05461-C17A-4885-9A6C-42414921237D}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{02BC8712-07AA-4213-AAB9-D157C0730544}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [UDP Query User{D04B13D2-C1F0-4172-9FCF-11E720CE000E}C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1D435E75-6ADD-457C-AC09-0D38032696A8}C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\fidrmucova\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{686F6810-3EE6-4DE8-A966-3824652A6A7D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{4D211644-52DE-4B61-99A1-6263E6D00570}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{E82CAC18-872F-42EB-8783-E55F1BB9DB71}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{C566453B-61A6-458F-B64F-C4202DA4DDB1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{DC82C64F-0F17-4BC5-8290-B65D5338B358}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{02C1D091-42B2-4D0D-89E5-438FFC24A9D2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{4759DD16-AB61-407A-BF5E-D19A03361E3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{CA823D61-D858-4415-B6F8-6FE8106DBB3A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{0DF66841-C566-4CEF-80EE-9467C0D6DF47}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{091FE955-2135-46ED-8730-89C5D6315071}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{C43A6F56-6C90-4A65-8FFF-278AFC7A3834}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D9D93068-CE4A-4A1E-BF79-FEA1E285E628}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{58839B70-D5C3-4624-9B75-705FB9F6490D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B2341F9E-0B25-40FB-88F5-D6EFFC019CA8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{6DFCCA07-3752-40EB-9A27-D3B59A00D7F2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{9BD497CA-5EC0-4069-87EC-5CED7438C6F7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{E2A83288-96DE-4471-9B2C-3168645C6537}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{85A2A8F4-0671-4710-9B7F-F3BDA1B2B02E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7E9DB892-2C32-4F40-B7E0-B772C21B4940}] => (Allow) C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{93BC8C2E-3145-4A56-B9F3-7170821570DF}] => (Allow) C:\Users\fidrmucova\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FC08FA20-6AE4-4492-8B25-A7D35568DB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F277318E-BAF6-468C-9F58-6D6957EEEFB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1D69815-38A4-4021-A724-5B716B3D605B}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE
FirewallRules: [{1FF6937F-5882-4EDC-9BD1-2EC50383E252}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{082CFB82-EDED-4A1C-A3C0-E7E4CDAF9D46}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{057F6A25-165A-479B-91B9-ECD4DBF3BFCE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

13-07-2018 19:42:56 Windows Update
18-07-2018 15:13:24 Removed NativeDesktopMediaService
29-08-2018 17:29:10 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2018 07:10:18 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x1

Error: (08/29/2018 06:52:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 760: ERROR: read_msg errno 10054 (Stávající připojení bylo vynuceně ukončeno vzdáleným hostitelem.)

Error: (08/29/2018 06:48:48 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x805A6003

Error: (08/29/2018 05:38:42 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x1

Error: (08/29/2018 05:35:06 PM) (Source: OSA) (EventID: 1) (User: )
Description: Funkce Publisher:GetTicket se nezdařila. Chyba: 0x805A6002

Error: (08/29/2018 05:33:40 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/29/2018 05:28:21 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = c:\windows\system32\svchost.exe -k netsvcs -p; Popis = Windows Update; Chyba = 0x81000101).

Error: (08/28/2018 09:59:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceive: mDNS_Unlock locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


System errors:
=============
Error: (08/29/2018 06:55:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/29/2018 06:54:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/29/2018 06:50:04 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: eeCtrl64.sys

Error: (08/29/2018 06:49:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby MBAMService bylo dosaženo časového limitu (30000 ms).

Error: (08/29/2018 05:39:00 PM) (Source: DCOM) (EventID: 10016) (User: druhatrida)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli druhatrida\fidrmucova (SID: S-1-5-21-1675228566-3109809821-3512086675-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/29/2018 05:37:33 PM) (Source: DCOM) (EventID: 10016) (User: druhatrida)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli druhatrida\fidrmucova (SID: S-1-5-21-1675228566-3109809821-3512086675-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (08/29/2018 05:36:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070057): 9NBLGGH42THS-Microsoft.Microsoft3DViewer.

Error: (08/29/2018 05:33:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-08-29 18:49:17.051
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9CC24C6E-A131-44E3-8BFF-BBEFED04C6FA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

Date: 2018-08-29 18:45:56.199
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Bluteal!rfn
ID: 2147724737
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\fidrmucova\AppData\Local\Temp\is-2A2HR.tmp\jaui.dll; file:_C:\Users\fidrmucova\AppData\Local\Temp\is-5MF9F.tmp\jaui.dll->[lowcase_mzpe]; file:_C:\Users\fidrmucova\AppData\Local\Temp\is-VMKLL.tmp\jaui.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.330.0, AS: 1.275.330.0, NIS: 1.275.330.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-08-29 18:45:56.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files\3XGVQYR3C8\uninstaller.exe->[lowcase_mzpe]; file:_C:\Program Files\8N27S0A98J\uninstaller.exe->[lowcase_mzpe]; file:_C:\Program Files\E5EYHMTIUX\9MMO4XVS4.exe->[lowcase_mzpe]; file:_C:\Program Files\QEPFLZ9XKT\QEPFLZ9XK.exe->[lowcase_mzpe]; file:_C:\Program Files\RCHGOFT8UH\uninstaller.exe->[lowcase_mzpe]; file:_C:\Program Files\RENYK9R2FV\uninstaller.exe->[lowcase_mzpe]; file:_C:\Program Files\SUNK974A8S\uninstaller.exe->[lowcase_mzpe]
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.330.0, AS: 1.275.330.0, NIS: 1.275.330.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-08-29 18:45:55.827
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Zpevdo.A
ID: 2147727143
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\fidrmucova\AppData\Local\Temp\bp2w1hetxfp\OneSystemCare.exe->[lowcase_mzpe]; file:_C:\Users\fidrmucova\AppData\Local\Temp\cbzplxzgxgv\OneSystemCare.exe->[lowcase_mzpe]; file:_C:\Users\fidrmucova\AppData\Local\Temp\kh2ayrzjf4l\OneSystemCare.exe->[lowcase_mzpe]; file:_C:\Users\fidrmucova\AppData\Local\Temp\lp0se5dmval\OneSystemCare.exe->[lowcase_mzpe]
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.330.0, AS: 1.275.330.0, NIS: 1.275.330.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-08-29 18:45:55.773
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Skeeyah.A!rfn
ID: 2147694182
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\ellfService\ellfService.exe->[lowcase_mzpe]; file:_C:\Users\fidrmucova\AppData\Roaming\l35rdrgjmdz\wssx1omyu2y.exe->[lowcase_mzpe]
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.330.0, AS: 1.275.330.0, NIS: 1.275.330.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-08-29 17:47:25.310
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.275.330.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15200.1
Kód chyby: 0x80240016
Popis chyby ři zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2018-08-28 21:43:29.397
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

Date: 2018-08-28 21:43:29.392
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic.

Date: 2018-08-28 21:23:31.169
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80080005
Popis chyby :Provádění serveru selhalo

Date: 2018-08-25 20:46:20.279
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.271.1178.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15000.2
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-08-29 17:43:36.967
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\fidrmucova\AppData\Local\Programs\Opera\54.0.2952.54\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-08-29 17:43:31.755
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.870
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.863
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.854
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.839
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Users\fidrmucova\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-18 16:12:27.495
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Acer\shellext\x64\shellext_win.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3909.28 MB
Available physical RAM: 1886.13 MB
Total Virtual: 6085.28 MB
Available Virtual: 3755.14 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:678.38 GB) (Free:548.05 GB) NTFS

\\?\Volume{7b5bc0ce-38d5-46ac-af58-fe004b81229a}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6265e184-58be-4b97-bac6-af3b694bcd35}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS
\\?\Volume{cbded148-1ab8-4c7e-a924-43dd8fb11fec}\ (Push Button Reset) (Fixed) (Total:18.64 GB) (Free:2.29 GB) NTFS
\\?\Volume{a9ab955c-b93b-4531-b897-89c791f545d5}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 010F989E)

Partition: GPT.

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?c ... xt-ansg&q={searchTerms}
C:\Program Files (x86)\YDHJZflmU
C:\Program Files (x86)\QglbfRTiMpmU2
C:\Program Files (x86)\OPVdSgDQkfYyIdXmgQR
C:\Program Files (x86)\fqNcwRkZsIE
C:\Program Files (x86)\DByTOvidzZUn
C:\Program Files (x86)\BYNMHypwGvCnC
C:\ProgramData\ChNJyeASgmTmzaVB
C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0
C:\Program Files\RKBTXHCAHG
C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1
C:\Program Files\RXJUAEX2EX
C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj
C:\Program Files\ZCKJPK90R6
C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3
C:\Program Files\ZXIBFS92HI
C:\Program Files (x86)\GUTC55F.tmp
C:\Program Files (x86)\GUMC51F.tmp
C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx
C:\Program Files\K4K4F3L5CS
C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0
C:\Program Files\ZOSLLM1N9S
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files\RCHGOFT8UH
C:\Program Files\RENYK9R2FV
C:\Program Files\IG6NL377YR
C:\Program Files\E5EYHMTIUX
C:\Program Files\QEPFLZ9XKT
C:\Program Files\8N27S0A98J
C:\Program Files\CNDSY2HKR5
C:\Program Files\SUNK974A8S
C:\Program Files\3XGVQYR3C8
C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml
C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a
C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h
C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq
C:\Users\fidrmucova\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0703A3FA-CAA0-41AA-86E7-10D9327F5DAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2B13905F-E747-47F0-B735-1782A7C9C82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {49C4D410-494E-4A73-B318-478783B32AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {622310B5-58CA-4E64-87C9-3DB781297A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF7E9-AA46-4EE6-8FFA-B99600332EC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6F75A5BF-DD75-4067-BE82-668C3A7A7AD6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B888213-57C6-4F1F-A06B-749C698FBF26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A52AEF31-EBFC-4299-AAFA-26AB16442A81} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A79C36F5-A854-459A-87BD-D62083DA5B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {B612FA16-ED60-40CB-A427-7FC1FFC2E37A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BB2BF8A7-DE46-4CC2-A908-4DE60FA24739} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E26CE8E8-4268-462C-8EEA-5286E1474D53} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E364E47D-0815-45AF-B02D-E418CB99A839} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E462E2C5-4701-40BF-8EDE-0946F1D19A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {F0F935F1-7BC0-45CA-A13E-B3B7D81836B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "IHRWCHPRGTZWKWW"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "T60R8H16MY4QYJO"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "JBBJ1LS9FZ0QFZQ"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "07S83RATFBJVAPH"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "6LZXILL34JYHYB4"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "WHC9WTQ779XAD8Y"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "YK3W6YL7YFAD6W6"

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[sLim01]

Fix result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by fidrmucova (30-08-2018 00:27:59) Run:1
Running from C:\Users\fidrmucova\Desktop
Loaded Profiles: fidrmucova (Available Profiles: fidrmucova)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?c ... xt-ansg&q={searchTerms}
C:\Program Files (x86)\YDHJZflmU
C:\Program Files (x86)\QglbfRTiMpmU2
C:\Program Files (x86)\OPVdSgDQkfYyIdXmgQR
C:\Program Files (x86)\fqNcwRkZsIE
C:\Program Files (x86)\DByTOvidzZUn
C:\Program Files (x86)\BYNMHypwGvCnC
C:\ProgramData\ChNJyeASgmTmzaVB
C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0
C:\Program Files\RKBTXHCAHG
C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1
C:\Program Files\RXJUAEX2EX
C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj
C:\Program Files\ZCKJPK90R6
C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3
C:\Program Files\ZXIBFS92HI
C:\Program Files (x86)\GUTC55F.tmp
C:\Program Files (x86)\GUMC51F.tmp
C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx
C:\Program Files\K4K4F3L5CS
C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0
C:\Program Files\ZOSLLM1N9S
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Program Files\RCHGOFT8UH
C:\Program Files\RENYK9R2FV
C:\Program Files\IG6NL377YR
C:\Program Files\E5EYHMTIUX
C:\Program Files\QEPFLZ9XKT
C:\Program Files\8N27S0A98J
C:\Program Files\CNDSY2HKR5
C:\Program Files\SUNK974A8S
C:\Program Files\3XGVQYR3C8
C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml
C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a
C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h
C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq
C:\Users\fidrmucova\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {0703A3FA-CAA0-41AA-86E7-10D9327F5DAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2B13905F-E747-47F0-B735-1782A7C9C82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {49C4D410-494E-4A73-B318-478783B32AF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {622310B5-58CA-4E64-87C9-3DB781297A92} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF7E9-AA46-4EE6-8FFA-B99600332EC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6F75A5BF-DD75-4067-BE82-668C3A7A7AD6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B888213-57C6-4F1F-A06B-749C698FBF26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A52AEF31-EBFC-4299-AAFA-26AB16442A81} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A79C36F5-A854-459A-87BD-D62083DA5B91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {B612FA16-ED60-40CB-A427-7FC1FFC2E37A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BB2BF8A7-DE46-4CC2-A908-4DE60FA24739} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E26CE8E8-4268-462C-8EEA-5286E1474D53} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E364E47D-0815-45AF-B02D-E418CB99A839} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {E462E2C5-4701-40BF-8EDE-0946F1D19A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-25] (Google Inc.)
Task: {F0F935F1-7BC0-45CA-A13E-B3B7D81836B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "IHRWCHPRGTZWKWW"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "T60R8H16MY4QYJO"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "JBBJ1LS9FZ0QFZQ"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "07S83RATFBJVAPH"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "6LZXILL34JYHYB4"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "WHC9WTQ779XAD8Y"
HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\...\StartupApproved\Run: => "YK3W6YL7YFAD6W6"

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
C:\Program Files (x86)\YDHJZflmU => moved successfully
C:\Program Files (x86)\QglbfRTiMpmU2 => moved successfully
C:\Program Files (x86)\OPVdSgDQkfYyIdXmgQR => moved successfully
C:\Program Files (x86)\fqNcwRkZsIE => moved successfully
C:\Program Files (x86)\DByTOvidzZUn => moved successfully
C:\Program Files (x86)\BYNMHypwGvCnC => moved successfully
C:\ProgramData\ChNJyeASgmTmzaVB => moved successfully
C:\Users\fidrmucova\AppData\Roaming\izn20lis5s0 => moved successfully
C:\Program Files\RKBTXHCAHG => moved successfully
C:\Users\fidrmucova\AppData\Roaming\ic1vdyhjwj1 => moved successfully
C:\Program Files\RXJUAEX2EX => moved successfully
C:\Users\fidrmucova\AppData\Roaming\21s22bo5mtj => moved successfully
C:\Program Files\ZCKJPK90R6 => moved successfully
C:\Users\fidrmucova\AppData\Roaming\so4yeel0sj3 => moved successfully
C:\Program Files\ZXIBFS92HI => moved successfully
C:\Program Files (x86)\GUTC55F.tmp => moved successfully
C:\Program Files (x86)\GUMC51F.tmp => moved successfully
C:\Users\fidrmucova\AppData\Roaming\dvihzizgxvx => moved successfully
C:\Program Files\K4K4F3L5CS => moved successfully
C:\Users\fidrmucova\AppData\Roaming\ixc2nw25ff0 => moved successfully
C:\Program Files\ZOSLLM1N9S => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Program Files\RCHGOFT8UH => moved successfully
C:\Program Files\RENYK9R2FV => moved successfully
C:\Program Files\IG6NL377YR => moved successfully
C:\Program Files\E5EYHMTIUX => moved successfully
C:\Program Files\QEPFLZ9XKT => moved successfully
C:\Program Files\8N27S0A98J => moved successfully
C:\Program Files\CNDSY2HKR5 => moved successfully
C:\Program Files\SUNK974A8S => moved successfully
C:\Program Files\3XGVQYR3C8 => moved successfully
C:\Users\fidrmucova\AppData\Roaming\fyckbmo1iml => moved successfully
C:\Users\fidrmucova\AppData\Roaming\5nug1mymk1a => moved successfully
C:\Users\fidrmucova\AppData\Roaming\oce3kvtyp2h => moved successfully
C:\Users\fidrmucova\AppData\Roaming\sqhrq21jncq => moved successfully

"C:\Users\fidrmucova\AppData\Local\Temp" folder move:

Could not move "C:\Users\fidrmucova\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0703A3FA-CAA0-41AA-86E7-10D9327F5DAD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0703A3FA-CAA0-41AA-86E7-10D9327F5DAD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ABB8CAF-713E-48DE-8B70-EFC33C8BB1A3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B13905F-E747-47F0-B735-1782A7C9C82A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B13905F-E747-47F0-B735-1782A7C9C82A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49C4D410-494E-4A73-B318-478783B32AF2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49C4D410-494E-4A73-B318-478783B32AF2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{622310B5-58CA-4E64-87C9-3DB781297A92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{622310B5-58CA-4E64-87C9-3DB781297A92}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{638FF7E9-AA46-4EE6-8FFA-B99600332EC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638FF7E9-AA46-4EE6-8FFA-B99600332EC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AF75FE6-FF63-4BB6-A66C-7B0077D87EF0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F75A5BF-DD75-4067-BE82-668C3A7A7AD6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F75A5BF-DD75-4067-BE82-668C3A7A7AD6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B888213-57C6-4F1F-A06B-749C698FBF26}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B888213-57C6-4F1F-A06B-749C698FBF26}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A52AEF31-EBFC-4299-AAFA-26AB16442A81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A52AEF31-EBFC-4299-AAFA-26AB16442A81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A79C36F5-A854-459A-87BD-D62083DA5B91}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A79C36F5-A854-459A-87BD-D62083DA5B91}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B612FA16-ED60-40CB-A427-7FC1FFC2E37A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B612FA16-ED60-40CB-A427-7FC1FFC2E37A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB2BF8A7-DE46-4CC2-A908-4DE60FA24739}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB2BF8A7-DE46-4CC2-A908-4DE60FA24739}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA11A7E4-857C-4E1A-98E5-C48FDCB1D1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E26CE8E8-4268-462C-8EEA-5286E1474D53}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E26CE8E8-4268-462C-8EEA-5286E1474D53}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E364E47D-0815-45AF-B02D-E418CB99A839}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E364E47D-0815-45AF-B02D-E418CB99A839}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E462E2C5-4701-40BF-8EDE-0946F1D19A98}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E462E2C5-4701-40BF-8EDE-0946F1D19A98}" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0F935F1-7BC0-45CA-A13E-B3B7D81836B4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0F935F1-7BC0-45CA-A13E-B3B7D81836B4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\IHRWCHPRGTZWKWW" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IHRWCHPRGTZWKWW" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\T60R8H16MY4QYJO" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\T60R8H16MY4QYJO" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\JBBJ1LS9FZ0QFZQ" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JBBJ1LS9FZ0QFZQ" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\07S83RATFBJVAPH" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\07S83RATFBJVAPH" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\6LZXILL34JYHYB4" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\6LZXILL34JYHYB4" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WHC9WTQ779XAD8Y" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WHC9WTQ779XAD8Y" => not found
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\YK3W6YL7YFAD6W6" => removed successfully
"HKU\S-1-5-21-1675228566-3109809821-3512086675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\YK3W6YL7YFAD6W6" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60431112 B
Java, Flash, Steam htmlcache => 1352 B
Windows/system/drivers => 188142220 B
Edge => 2123264 B
Chrome => 163948 B
Firefox => 0 B
Opera => 72580143 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 70142998 B
NetworkService => 0 B
fidrmucova => 335512186 B

RecycleBin => 104987 B
EmptyTemp: => 703.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-08-2018 00:33:41)

C:\Users\fidrmucova\AppData\Local\Temp => moved successfully

==== End of Fixlog 00:33:49 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[sLim01]

Ano, uz je to v poradku. Mockrat Vam dekuji.

[Rudy]

Rádo se stalo!