PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Requesting a preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Martin.Horacek
Visitor
Posts: 19
Registered: 29 Dec 2018 11:01

#1 Post by Martin.Horacek »

Hi, first of all thanks for checking my first computer, the work one. I had a bug on it, and because I installed the same application on my second, family computer as well, could I ask you for one last check? There may be more on this one; the computer has been in use longer and is generally somewhat slow, and sometimes the mouse even freezes.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jitka (administrator) on NUNANEK (30-12-2018 19:25:21)
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka & (Available Profiles: Jitka & Martinek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\ws.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [1449472 2018-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe -update plugin
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
Startup: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-10-31]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{41A59794-3B20-4939-8067-FD0C09EEAFC0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C6CA0B8F-3621-4AA0-8BEB-F501692D4B67}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-16] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 [2018-12-30]
FF Session Restore: Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\sp@avast.com.xpi [2018-12-20]
FF Extension: (Avast Online Security) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\wrc@avast.com.xpi [2018-12-18]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-30] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-18] (McAfee, Inc.)
R3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2018-12-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2018-12-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2018-12-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2018-12-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2018-12-30] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-07] (Intel Corporation)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-18] (McAfee, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2015-08-30] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [418008 2015-08-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-07] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 19:25 - 2018-12-30 19:26 - 000033394 _____ C:\Users\Jitka\Desktop\FRST.txt
2018-12-30 19:25 - 2018-12-30 19:25 - 000000000 ____D C:\FRST
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Downloads\FRST64.exe
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Desktop\FRST64.exe
2018-12-30 19:21 - 2018-12-30 19:21 - 001781760 _____ (Farbar) C:\Users\Jitka\Downloads\FRST.exe
2018-12-29 09:03 - 2018-12-29 09:03 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-12-29 09:03 - 2018-12-29 09:03 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbam
2018-12-29 09:02 - 2018-12-30 19:18 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbamtray
2018-12-29 09:01 - 2018-12-29 09:01 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-29 09:01 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-29 08:53 - 2018-12-29 08:53 - 081227760 _____ (Malwarebytes ) C:\Users\Jitka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-18 16:14 - 2018-12-18 16:14 - 000291252 _____ C:\Users\Jitka\Downloads\formular-k-proplaceni-prispevku-2018-k-vyplneni-na-pc.pdf
2018-12-08 13:32 - 2018-12-22 18:42 - 000000000 ____D C:\Program Files\McAfee
2018-12-05 16:50 - 2018-12-05 16:50 - 000000000 ____D C:\Users\Jitka\AppData\Local\M-Photo_Ltd
2018-12-02 10:57 - 2018-12-28 16:58 - 000003162 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJitka
2018-12-02 10:57 - 2018-12-28 16:58 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 19:19 - 2014-01-13 19:23 - 000003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB2B1AE9-AB7B-42EC-B9FC-4B8FC7D703C8}
2018-12-28 13:36 - 2016-11-26 09:37 - 000000000 ____D C:\Users\Jitka\AppData\LocalLow\Mozilla
2018-12-28 13:28 - 2018-06-22 11:12 - 000004168 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-28 13:26 - 2013-12-03 11:00 - 001931582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-28 13:26 - 2013-09-30 04:56 - 000797830 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-28 13:26 - 2013-09-30 04:56 - 000181446 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-28 13:26 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-12-28 13:22 - 2018-06-22 11:15 - 000000000 ____D C:\Users\Jitka\AppData\Local\AVAST Software
2018-12-28 13:19 - 2013-12-03 11:04 - 000000000 ____D C:\Users\Jitka
2018-12-28 13:18 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-24 14:35 - 2013-11-14 21:35 - 000000000 ____D C:\Users\Jitka\AppData\Roaming\vlc
2018-12-22 18:42 - 2016-11-25 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-22 18:42 - 2013-11-14 21:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-22 18:42 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-12-22 11:18 - 2013-11-13 21:10 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-31 20:18 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-30 20:12 - 000002367 _____ C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-12-19 10:29 - 2013-11-14 21:15 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-18 21:29 - 2018-03-15 17:33 - 000000000 ____D C:\ProgramData\McAfee
2018-12-18 15:07 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-18 12:36 - 2013-06-20 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-17 19:54 - 2014-08-26 18:58 - 000000000 ____D C:\Users\Jitka\AppData\Local\CrashDumps
2018-12-17 15:12 - 2016-12-20 13:27 - 000000000 ____D C:\Users\Jitka\Downloads\Jitka veci
2018-12-17 14:47 - 2014-01-18 01:55 - 001489920 ___SH C:\Users\Jitka\Desktop\Thumbs.db
2018-12-06 16:11 - 2013-11-26 12:28 - 000000000 ____D C:\Users\Jitka\AppData\Local\HPConnectedMusic
2018-12-05 16:31 - 2018-11-23 14:13 - 000000000 ____D C:\CDSM
2018-12-04 21:01 - 2018-11-23 08:51 - 000000000 ____D C:\Users\Jitka\Desktop\foto na kalendar

==================== Files in the root of some directories =======

2018-05-10 09:48 - 2018-05-10 09:48 - 000003584 _____ () C:\Users\Jitka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2013-12-07 16:58 - 2008-10-15 11:42 - 000050432 _____ () C:\Users\Jitka\AppData\Local\Temp\Extract.exe
2014-10-25 10:35 - 2014-10-25 10:35 - 031600456 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
2015-02-20 16:42 - 2015-02-20 16:43 - 031598424 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-12 22:24 - 2015-10-22 01:08 - 000595656 _____ (Hewlett-Packard) C:\Users\Jitka\AppData\Local\Temp\HPSFUpdater.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 017983576 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63342.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 005785816 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63343.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 041827440 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63344.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 220937344 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63346.exe
2013-12-07 03:42 - 2013-12-07 03:42 - 154950016 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63353.exe
2015-08-07 20:02 - 2015-08-07 20:02 - 015335288 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63356.exe
2013-12-07 03:41 - 2013-12-07 03:41 - 006268704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63357.exe
2014-01-31 00:21 - 2014-01-31 00:21 - 007061320 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63599.exe
2013-12-07 04:04 - 2013-12-07 04:04 - 040444056 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP63945.exe
2014-03-08 21:10 - 2014-03-08 21:10 - 044799704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\sp64126.exe
2013-12-12 04:13 - 2013-12-12 04:13 - 015485512 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64571.exe
2014-01-24 00:04 - 2014-01-24 00:04 - 144653000 _____ (InstallShield Software Corporation ) C:\Users\Jitka\AppData\Local\Temp\SP64628.exe
2014-01-24 23:24 - 2014-01-24 23:24 - 110879968 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64740.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 110883336 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64741.exe
2014-01-17 02:12 - 2014-01-17 02:12 - 041675328 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64825.exe
2014-01-24 23:21 - 2014-01-24 23:21 - 050543536 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64854.exe
2014-01-30 04:55 - 2014-01-30 04:55 - 015545672 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64881.exe
2014-06-21 21:43 - 2014-06-21 21:43 - 118467640 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65782.exe
2014-05-03 00:02 - 2014-05-03 00:02 - 001684968 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP65792.exe
2014-06-05 22:04 - 2014-06-05 22:04 - 050965928 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65793.exe
2014-07-04 21:10 - 2014-07-04 21:10 - 002829368 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66604.exe
2014-06-29 00:56 - 2014-06-29 00:56 - 016320592 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66867.exe
2017-11-17 10:51 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Jitka\AppData\Local\Temp\TAInstaller.exe
2014-03-08 23:20 - 2015-09-28 09:36 - 000144912 _____ (Hewlett-Packard Company) C:\Users\Jitka\AppData\Local\Temp\UninstallHPSA.exe
2014-03-15 17:24 - 2014-03-15 17:24 - 024677393 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.1.3-win32.exe
2018-02-17 22:03 - 2018-02-17 22:03 - 030950664 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-12-28 18:21

==================== End of FRST.txt ============================

Martin.Horacek
Visitor
Posts: 19
Joined: 29 Dec 2018 11:01

Re: Requesting a preventive check

#2 Post by Martin.Horacek »

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (30-12-2018 19:27:06)
Running from C:\Users\Jitka\Desktop
Windows 8.1 (Update) (X64) (2013-12-03 10:26:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-797450051-102285635-2811792732-500 - Administrator - Disabled)
Guest (S-1-5-21-797450051-102285635-2811792732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-797450051-102285635-2811792732-1006 - Limited - Enabled)
Jitka (S-1-5-21-797450051-102285635-2811792732-1001 - Administrator - Enabled) => C:\Users\Jitka
Martinek (S-1-5-21-797450051-102285635-2811792732-1004 - Limited - Enabled) => C:\Users\Martinek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDSM Designer (HKLM-x32\...\CDSM_CDSM Designer) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogaléria (HKLM-x32\...\{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Sound Recorder v10.8.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2016 FreeSoundRecorder Technologies, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\HPConnectedMusic) (Version: 1.1 (build 77) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.20721 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A035950F-15BA-41C0-9D8F-165FC0536012}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.00.0000 - Název společnosti:) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Ultimate ZIP Cracker Trial version (HKLM-x32\...\{76F0FEBD-6C17-4D57-0467-BC6FB1881E3C}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098B19FE-F2F1-42E1-89B9-FF542408A6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0AFE2162-0C85-41D0-9070-1E42375E4263} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {0C98148A-C710-450C-95B1-1F48A51E7150} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {1238D406-17A5-4F99-917B-C62C57F32F90} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-18] (Microsoft Corporation)
Task: {17DE64B5-D005-4F1C-846C-1DE436C5CFCA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {1E7FD0E3-3ECE-4C88-A3C8-3B61CC5565D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {360716CE-1A70-4CAF-8208-53A07B692B48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-07] (Synaptics Incorporated)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {52FF6AEC-CACD-4D35-8D0D-FB22E7D2C369} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {59DA1E1C-36E3-4434-8194-1447B7A067BA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {7C20A9D6-2ADD-4C36-B9FF-D57ADD054CB4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {812DEB94-39F1-4858-B9DF-E576D65C0FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {84E673BF-93A4-423B-A92F-A5F50DF1C887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {872B3DC3-D281-442C-A1FB-D4E15AF496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8CF8C6E9-E4F6-4E42-BCFE-FA3F68EEB6EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9043CB27-9BA8-4820-A6BC-AABC7019C551} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2014-10-29] (Microsoft Corporation)
Task: {A5E9CE25-AA16-4E2A-82EC-3F99038D84EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-18] (AVAST Software)
Task: {B61B9D5B-C53B-49C9-957B-B56465C8A1E2} - System32\Tasks\HPCeeScheduleForJitka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CE3BDDC4-0E16-4D9E-B74F-91B2C441CD06} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {D2D48F2A-20D7-4277-A578-979EF7EE4C03} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {D2D48F2A-20D7-4277-A578-979EF7EE4C03} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {DB140562-78A0-4514-BB7D-37040F1C8E22} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-21] (Adobe Systems Incorporated)
Task: {DCD18AA0-838B-4FEE-99AD-EFE3C6DCC19F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {DEBF0B57-802A-4922-A53F-97ECB2046F97} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {E9E6527C-66B7-4434-8E48-EEF8DE4922E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {FCE4701E-7A70-4893-BE5F-AF2B997DC92C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-26 08:58 - 2017-07-26 08:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2013-10-03 23:42 - 2013-10-03 23:42 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-12-29 09:01 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-29 09:01 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-01-25 01:17 - 2013-08-05 08:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-06-22 11:14 - 2018-06-22 11:15 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 16:27 - 2018-11-23 16:27 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-12-07 16:58 - 2013-12-07 16:58 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-16 08:08 - 000000829 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program;C:\EDIABAS\Bin;
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-797450051-102285635-2811792732-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172444592\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-797450051-102285635-2811792732-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12302018172445092\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9989C03C-9D85-4E5A-92CD-582D68F0F882}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp.)
FirewallRules: [{EE39D76B-9F85-4421-B2E7-6F1E7647B4FA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{61F6A81C-E996-40F4-A743-A93BF92B7000}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{0FB004B2-1EEE-40A3-A21B-1ED43D0620CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C4DC9D39-25A4-46E0-818C-69F6C80F3EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{4379404F-F8B4-4503-B41C-3C3AEDF38BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{05392FF0-265C-4593-BE2B-DFA26A77699C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C71D8C9E-DAD7-4EB0-9D3F-DE89ABBF7E50}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{F2CB17DE-93A4-42E6-9C3B-07A0B04D50D2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{A0A61349-D3A1-467E-B771-1D4CD135ADAA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{62273621-CE08-47B2-A8FC-7F5E0F1F8E2D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{4D2A3D82-E474-4155-A82D-6E557B9A9B73}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{3167D6E4-238B-4004-93DB-BC70E750E7AF}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{A4283898-7FFC-421C-90E3-F5B18C8CB31B}] => (Allow) LPort=1900
FirewallRules: [{80F79B04-DD2A-4957-9926-F271879F65C0}] => (Allow) LPort=2869
FirewallRules: [{12B4B1D8-E636-49CA-83CD-7AB65FD3F298}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{C569F568-1675-47FC-B8B2-0FE8289F2029}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{3799C7CF-AB39-4AF6-8C28-10AA2947DA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{48C715B9-0B64-4E16-9836-292A211F8A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{12E1CF8A-11C3-40F3-8318-D7114AB21561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [UDP Query User{0BC5DE52-0CC7-4ED3-8161-1AAFE1BAEEAD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [TCP Query User{B6543756-C604-474E-BF46-F69D47D86DA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{78D1D10B-657B-4083-A94A-DFD9D4E6AF8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{748F5C5D-F010-45A0-ABA9-4CD67CB3F1A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0BD76B8D-F884-4F06-B722-FBC828FB1A2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{E7E6F70F-A95B-40CE-99BE-54294BCF9D8D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{38620546-C658-4851-A8CA-F2F5AE860CC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{CE17E62E-E380-4057-8E1A-BE601965DB85}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{59808CA4-F84D-4824-A2CC-B6F6F25B450B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{C6AE6720-54D8-49AB-B809-2C1C14A0BF74}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{BE9EF2BA-AAC1-40BA-B901-9E09DE2263B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D389B404-48D1-4E7C-BF98-E54EB609A08D}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{0A87665E-01BE-4767-BE52-5942E1260C15}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{887A5699-216E-4689-80D6-0F22E2FAAD2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{40A4B9FB-90CB-4DC6-B717-AC30180988C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{5DCAC18A-A845-4E3E-BE2B-2994C3973142}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

13-12-2018 12:33:48 Naplánovaný kontrolní bod
23-12-2018 14:17:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2018 12:57:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (12/28/2018 10:09:51 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/28/2018 01:20:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (12/28/2018 01:20:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby HPWMISVC bylo dosaženo časového limitu (30000 ms).

Error: (12/28/2018 01:18:21 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Byl spuštěn systémový časovač sledovacího zařízení.

Error: (12/28/2018 01:18:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (13:13:16, ‎28. ‎12. ‎2018) bylo neočekávané.

Error: (12/28/2018 12:35:49 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/28/2018 12:35:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {752073A1-23F2-4396-85F0-8FDB879ED0ED} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/28/2018 12:33:31 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2018 02:22:45 PM) (Source: DCOM) (EventID: 10010) (User: Nunanek)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 3988.27 MB
Available physical RAM: 1028.38 MB
Total Virtual: 7956.27 MB
Available Virtual: 3985.55 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.42 GB) (Free:331.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.23 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ab146baf-c657-4429-8af1-b1e36bdf6788}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{220a2b4e-61a2-4b04-9c46-faf79bfca8a7}\ () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 819E561E)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#3 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (show log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Martin.Horacek
Visitor
Posts: 19
Joined: 29 Dec 2018 11:01

Re: Requesting a preventive check

#4 Post by Martin.Horacek »

Hi :)

here it is

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2018-12-21.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-30-2018
# Duration: 00:00:09
# OS: Windows 8.1
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3533 octets] - [30/12/2018 20:24:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#5 Post by Conder »

:arrow: Create and post new FRST logs.

Martin.Horacek
Visitor
Posts: 19
Joined: 29 Dec 2018 11:01

Re: Requesting a preventive check

#6 Post by Martin.Horacek »

FRST here

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.12.2018
Ran by Jitka (administrator) on NUNANEK (30-12-2018 21:27:32)
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka (Available Profiles: Jitka & Martinek)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-23] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1714952 2013-10-16] (CyberLink Corp.)
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files (x86)\Windows Mail\WinMail.exe [2014-10-29] (Microsoft Corporation)
Startup: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-10-31]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{41A59794-3B20-4939-8067-FD0C09EEAFC0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C6CA0B8F-3621-4AA0-8BEB-F501692D4B67}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-16] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-18] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2018-09-21] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 [2018-12-30]
FF Session Restore: Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261 -> is enabled.
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\sp@avast.com.xpi [2018-12-20]
FF Extension: (Avast Online Security) - C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\iqzw86mv.default-1446670738261\Extensions\wrc@avast.com.xpi [2018-12-18]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-30] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-19]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-07] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2018-09-21] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-07] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-18] (McAfee, Inc.)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201240 2018-11-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230344 2018-11-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201768 2018-11-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346592 2018-11-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59496 2018-11-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239840 2018-11-27] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46384 2018-11-23] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2018-11-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163208 2018-11-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111800 2018-11-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87432 2018-11-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028680 2018-11-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469272 2018-11-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208472 2018-11-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380464 2018-11-23] (AVAST Software)
R3 btUrbFilterDrv; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-07-26] (Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2018-12-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2018-12-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2018-12-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2018-12-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2018-12-30] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-07] (Intel Corporation)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-18] (McAfee, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2015-08-30] (Realtek Semiconductor Corp.)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [418008 2015-08-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-07] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 20:23 - 2018-12-30 20:25 - 000000000 ____D C:\AdwCleaner
2018-12-30 20:23 - 2018-12-30 20:22 - 007320272 _____ (Malwarebytes) C:\Users\Jitka\Desktop\adwcleaner_7.2.6.0.exe
2018-12-30 20:21 - 2018-12-30 20:22 - 007320272 _____ (Malwarebytes) C:\Users\Jitka\Downloads\adwcleaner_7.2.6.0.exe
2018-12-30 19:25 - 2018-12-30 21:28 - 000025338 _____ C:\Users\Jitka\Desktop\FRST.txt
2018-12-30 19:25 - 2018-12-30 21:27 - 000000000 ____D C:\FRST
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Downloads\FRST64.exe
2018-12-30 19:24 - 2018-12-30 19:24 - 002424320 _____ (Farbar) C:\Users\Jitka\Desktop\FRST64.exe
2018-12-30 19:21 - 2018-12-30 19:21 - 001781760 _____ (Farbar) C:\Users\Jitka\Downloads\FRST.exe
2018-12-29 09:03 - 2018-12-29 09:03 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-12-29 09:03 - 2018-12-29 09:03 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbam
2018-12-29 09:02 - 2018-12-30 20:28 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-12-29 09:02 - 2018-12-30 19:18 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-12-29 09:02 - 2018-12-29 09:02 - 000000000 ____D C:\Users\Jitka\AppData\Local\mbamtray
2018-12-29 09:01 - 2018-12-29 09:01 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-29 09:01 - 2018-12-29 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-29 09:01 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-29 08:53 - 2018-12-29 08:53 - 081227760 _____ (Malwarebytes ) C:\Users\Jitka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-18 16:14 - 2018-12-18 16:14 - 000291252 _____ C:\Users\Jitka\Downloads\formular-k-proplaceni-prispevku-2018-k-vyplneni-na-pc.pdf
2018-12-08 13:32 - 2018-12-22 18:42 - 000000000 ____D C:\Program Files\McAfee
2018-12-05 16:50 - 2018-12-05 16:50 - 000000000 ____D C:\Users\Jitka\AppData\Local\M-Photo_Ltd
2018-12-02 10:57 - 2018-12-30 20:27 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job
2018-12-02 10:57 - 2018-12-28 16:58 - 000003162 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJitka

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-30 20:44 - 2013-11-13 21:10 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-30 20:35 - 2013-12-03 11:00 - 001931582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-30 20:35 - 2013-09-30 04:56 - 000797830 _____ C:\WINDOWS\system32\perfh005.dat
2018-12-30 20:35 - 2013-09-30 04:56 - 000181446 _____ C:\WINDOWS\system32\perfc005.dat
2018-12-30 20:35 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-12-30 20:30 - 2018-06-22 11:15 - 000000000 ____D C:\Users\Jitka\AppData\Local\AVAST Software
2018-12-30 20:28 - 2016-11-26 09:37 - 000000000 ____D C:\Users\Jitka\AppData\LocalLow\Mozilla
2018-12-30 20:27 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-30 20:26 - 2013-08-22 14:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-12-30 20:25 - 2013-12-03 11:04 - 000000000 ____D C:\Users\Jitka
2018-12-30 19:19 - 2014-01-13 19:23 - 000003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB2B1AE9-AB7B-42EC-B9FC-4B8FC7D703C8}
2018-12-28 13:28 - 2018-06-22 11:12 - 000004168 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-12-24 14:35 - 2013-11-14 21:35 - 000000000 ____D C:\Users\Jitka\AppData\Roaming\vlc
2018-12-22 18:42 - 2016-11-25 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-22 18:42 - 2013-11-14 21:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-22 11:07 - 2017-10-31 20:18 - 000003170 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-797450051-102285635-2811792732-1001
2018-12-22 11:07 - 2017-10-30 20:12 - 000002367 _____ C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2018-12-19 10:29 - 2013-11-14 21:15 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-18 21:29 - 2018-03-15 17:33 - 000000000 ____D C:\ProgramData\McAfee
2018-12-18 15:07 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-18 12:36 - 2013-06-20 09:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-17 19:54 - 2014-08-26 18:58 - 000000000 ____D C:\Users\Jitka\AppData\Local\CrashDumps
2018-12-17 15:12 - 2016-12-20 13:27 - 000000000 ____D C:\Users\Jitka\Downloads\Jitka veci
2018-12-17 14:47 - 2014-01-18 01:55 - 001489920 ___SH C:\Users\Jitka\Desktop\Thumbs.db
2018-12-06 16:11 - 2013-11-26 12:28 - 000000000 ____D C:\Users\Jitka\AppData\Local\HPConnectedMusic
2018-12-05 16:31 - 2018-11-23 14:13 - 000000000 ____D C:\CDSM
2018-12-04 21:01 - 2018-11-23 08:51 - 000000000 ____D C:\Users\Jitka\Desktop\foto na kalendar

==================== Files in the root of some directories =======

2018-05-10 09:48 - 2018-05-10 09:48 - 000003584 _____ () C:\Users\Jitka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2013-12-07 16:58 - 2008-10-15 11:42 - 000050432 _____ () C:\Users\Jitka\AppData\Local\Temp\Extract.exe
2014-10-25 10:35 - 2014-10-25 10:35 - 031600456 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
2015-02-20 16:42 - 2015-02-20 16:43 - 031598424 _____ () C:\Users\Jitka\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
2015-12-12 22:24 - 2015-10-22 01:08 - 000595656 _____ (Hewlett-Packard) C:\Users\Jitka\AppData\Local\Temp\HPSFUpdater.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 017983576 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63342.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 005785816 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63343.exe
2013-12-07 03:38 - 2013-12-07 03:38 - 041827440 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63344.exe
2013-12-07 03:37 - 2013-12-07 03:37 - 220937344 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63346.exe
2013-12-07 03:42 - 2013-12-07 03:42 - 154950016 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63353.exe
2015-08-07 20:02 - 2015-08-07 20:02 - 015335288 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63356.exe
2013-12-07 03:41 - 2013-12-07 03:41 - 006268704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63357.exe
2014-01-31 00:21 - 2014-01-31 00:21 - 007061320 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP63599.exe
2013-12-07 04:04 - 2013-12-07 04:04 - 040444056 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP63945.exe
2014-03-08 21:10 - 2014-03-08 21:10 - 044799704 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\sp64126.exe
2013-12-12 04:13 - 2013-12-12 04:13 - 015485512 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64571.exe
2014-01-24 00:04 - 2014-01-24 00:04 - 144653000 _____ (InstallShield Software Corporation ) C:\Users\Jitka\AppData\Local\Temp\SP64628.exe
2014-01-24 23:24 - 2014-01-24 23:24 - 110879968 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64740.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 110883336 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64741.exe
2014-01-17 02:12 - 2014-01-17 02:12 - 041675328 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64825.exe
2014-01-24 23:21 - 2014-01-24 23:21 - 050543536 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP64854.exe
2014-01-30 04:55 - 2014-01-30 04:55 - 015545672 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP64881.exe
2014-06-21 21:43 - 2014-06-21 21:43 - 118467640 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65782.exe
2014-05-03 00:02 - 2014-05-03 00:02 - 001684968 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP65792.exe
2014-06-05 22:04 - 2014-06-05 22:04 - 050965928 _____ (Hewlett-Packard ) C:\Users\Jitka\AppData\Local\Temp\SP65793.exe
2014-07-04 21:10 - 2014-07-04 21:10 - 002829368 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66604.exe
2014-06-29 00:56 - 2014-06-29 00:56 - 016320592 _____ (Hewlett-Packard Company ) C:\Users\Jitka\AppData\Local\Temp\SP66867.exe
2017-11-17 10:51 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Jitka\AppData\Local\Temp\TAInstaller.exe
2014-03-08 23:20 - 2015-09-28 09:36 - 000144912 _____ (Hewlett-Packard Company) C:\Users\Jitka\AppData\Local\Temp\UninstallHPSA.exe
2014-03-15 17:24 - 2014-03-15 17:24 - 024677393 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.1.3-win32.exe
2018-02-17 22:03 - 2018-02-17 22:03 - 030950664 _____ () C:\Users\Jitka\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2018-12-28 18:21

==================== End of FRST.txt ============================

Martin.Horacek
Visitor
Posts: 19
Registered: 29 Dec 2018 11:01

Re: Request for a preventive check

#7 Post by Martin.Horacek »

Additional here
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (30-12-2018 21:28:54)
Running from C:\Users\Jitka\Desktop
Windows 8.1 (Update) (X64) (2013-12-03 10:26:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-797450051-102285635-2811792732-500 - Administrator - Disabled)
Guest (S-1-5-21-797450051-102285635-2811792732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-797450051-102285635-2811792732-1006 - Limited - Enabled)
Jitka (S-1-5-21-797450051-102285635-2811792732-1001 - Administrator - Enabled) => C:\Users\Jitka
Martinek (S-1-5-21-797450051-102285635-2811792732-1004 - Limited - Enabled) => C:\Users\Martinek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDSM Designer (HKLM-x32\...\CDSM_CDSM Designer) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogaléria (HKLM-x32\...\{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (HKLM-x32\...\{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Sound Recorder v10.8.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2016 FreeSoundRecorder Technologies, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java(TM) 6 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416021FF}) (Version: 6.0.210 - Oracle)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manager (HKLM-x32\...\{A11F05A4-7CAD-4F85-8C85-DCA18E3E208D}) (Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.20721 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A035950F-15BA-41C0-9D8F-165FC0536012}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{D646643B-56BD-43B2-9932-9C03D7E90FED}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{792B82BA-6895-4719-B603-E198AEE90D68}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{FF4FA406-055A-479E-B025-1AAA7FFAA39F}) (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
PowerDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.00.0000 - Název společnosti:) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.20 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Ultimate ZIP Cracker Trial version (HKLM-x32\...\{76F0FEBD-6C17-4D57-0467-BC6FB1881E3C}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-01-15] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-01-25] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-23] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098B19FE-F2F1-42E1-89B9-FF542408A6F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {0AFE2162-0C85-41D0-9070-1E42375E4263} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {0C98148A-C710-450C-95B1-1F48A51E7150} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {1238D406-17A5-4F99-917B-C62C57F32F90} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-18] (Microsoft Corporation)
Task: {17DE64B5-D005-4F1C-846C-1DE436C5CFCA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {1E7FD0E3-3ECE-4C88-A3C8-3B61CC5565D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-18] (Microsoft Corporation)
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {360716CE-1A70-4CAF-8208-53A07B692B48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-07] (Synaptics Incorporated)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {52FF6AEC-CACD-4D35-8D0D-FB22E7D2C369} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {59DA1E1C-36E3-4434-8194-1447B7A067BA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {7C20A9D6-2ADD-4C36-B9FF-D57ADD054CB4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {812DEB94-39F1-4858-B9DF-E576D65C0FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
Task: {84E673BF-93A4-423B-A92F-A5F50DF1C887} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {872B3DC3-D281-442C-A1FB-D4E15AF496AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8CF8C6E9-E4F6-4E42-BCFE-FA3F68EEB6EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {9043CB27-9BA8-4820-A6BC-AABC7019C551} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2014-10-29] (Microsoft Corporation)
Task: {A5E9CE25-AA16-4E2A-82EC-3F99038D84EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-18] (AVAST Software)
Task: {B61B9D5B-C53B-49C9-957B-B56465C8A1E2} - System32\Tasks\HPCeeScheduleForJitka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {CE3BDDC4-0E16-4D9E-B74F-91B2C441CD06} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-23] (AVAST Software)
Task: {DB140562-78A0-4514-BB7D-37040F1C8E22} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-21] (Adobe Systems Incorporated)
Task: {DCD18AA0-838B-4FEE-99AD-EFE3C6DCC19F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {E9E6527C-66B7-4434-8E48-EEF8DE4922E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {FCE4701E-7A70-4893-BE5F-AF2B997DC92C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJitka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-26 08:58 - 2017-07-26 08:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-12-29 09:01 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-29 09:01 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-10-03 23:42 - 2013-10-03 23:42 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-25 01:17 - 2013-08-05 08:49 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-06-22 11:14 - 2018-06-22 11:15 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-11-23 16:27 - 2018-11-23 16:27 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-12-07 16:58 - 2013-12-07 16:58 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-16 08:08 - 000000829 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program;C:\EDIABAS\Bin;
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9989C03C-9D85-4E5A-92CD-582D68F0F882}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp.)
FirewallRules: [{EE39D76B-9F85-4421-B2E7-6F1E7647B4FA}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{61F6A81C-E996-40F4-A743-A93BF92B7000}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe No File
FirewallRules: [{0FB004B2-1EEE-40A3-A21B-1ED43D0620CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C4DC9D39-25A4-46E0-818C-69F6C80F3EBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{4379404F-F8B4-4503-B41C-3C3AEDF38BB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{05392FF0-265C-4593-BE2B-DFA26A77699C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{C71D8C9E-DAD7-4EB0-9D3F-DE89ABBF7E50}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{F2CB17DE-93A4-42E6-9C3B-07A0B04D50D2}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe ()
FirewallRules: [{A0A61349-D3A1-467E-B771-1D4CD135ADAA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{62273621-CE08-47B2-A8FC-7F5E0F1F8E2D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{4D2A3D82-E474-4155-A82D-6E557B9A9B73}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{3167D6E4-238B-4004-93DB-BC70E750E7AF}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd)
FirewallRules: [{A4283898-7FFC-421C-90E3-F5B18C8CB31B}] => (Allow) LPort=1900
FirewallRules: [{80F79B04-DD2A-4957-9926-F271879F65C0}] => (Allow) LPort=2869
FirewallRules: [{12B4B1D8-E636-49CA-83CD-7AB65FD3F298}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
FirewallRules: [{C569F568-1675-47FC-B8B2-0FE8289F2029}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{3799C7CF-AB39-4AF6-8C28-10AA2947DA5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{48C715B9-0B64-4E16-9836-292A211F8A02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{12E1CF8A-11C3-40F3-8318-D7114AB21561}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [UDP Query User{0BC5DE52-0CC7-4ED3-8161-1AAFE1BAEEAD}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin (The Document Foundation)
FirewallRules: [TCP Query User{B6543756-C604-474E-BF46-F69D47D86DA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [UDP Query User{78D1D10B-657B-4083-A94A-DFD9D4E6AF8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{748F5C5D-F010-45A0-ABA9-4CD67CB3F1A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{0BD76B8D-F884-4F06-B722-FBC828FB1A2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{E7E6F70F-A95B-40CE-99BE-54294BCF9D8D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{38620546-C658-4851-A8CA-F2F5AE860CC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [{CE17E62E-E380-4057-8E1A-BE601965DB85}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{59808CA4-F84D-4824-A2CC-B6F6F25B450B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
FirewallRules: [{C6AE6720-54D8-49AB-B809-2C1C14A0BF74}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{BE9EF2BA-AAC1-40BA-B901-9E09DE2263B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{D389B404-48D1-4E7C-BF98-E54EB609A08D}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{0A87665E-01BE-4767-BE52-5942E1260C15}] => (Allow) C:\Users\Jitka\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{887A5699-216E-4689-80D6-0F22E2FAAD2C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
FirewallRules: [{40A4B9FB-90CB-4DC6-B717-AC30180988C4}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{5DCAC18A-A845-4E3E-BE2B-2994C3973142}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)

==================== Restore Points =========================

13-12-2018 12:33:48 Naplánovaný kontrolní bod
23-12-2018 14:17:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2018 07:28:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6592610

Error: (12/30/2018 07:14:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2018 12:57:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (12/28/2018 10:09:51 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 206687

Error: (12/28/2018 01:35:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 206687


System errors:
=============
Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 4 Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/30/2018 08:25:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HuaweiHiSuiteService64.exe byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 4 Creator byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HPWMISVC byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Software Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/30/2018 08:25:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Touchpoint Analytics byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3988.27 MB
Available physical RAM: 1662.14 MB
Total Virtual: 7956.27 MB
Available Virtual: 5553.69 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.42 GB) (Free:331.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.23 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{ab146baf-c657-4429-8af1-b1e36bdf6788}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.12 GB) NTFS
\\?\Volume{220a2b4e-61a2-4b04-9c46-faf79bfca8a7}\ () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 819E561E)

Partition: GPT.

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#8 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:


    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
    File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
    File: C:\Windows\System32\Drivers\BtAudioBus.sys
    File: C:\Windows\System32\Drivers\BtL2caScoIf.sys
    
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe" 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = 
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
    S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
    CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
    Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
    Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices; doing so risks system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Martin.Horacek
Visitor
Posts: 19
Joined: 29 Dec 2018 11:01

Re: Request for a preventive check

#9 Post by Martin.Horacek »

Hi, sorry for the late reply, I was working like crazy.

Here is the fixlist log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 29.12.2018
Ran by Jitka (31-12-2018 13:26:55) Run:1
Running from C:\Users\Jitka\Desktop
Loaded Profiles: Jitka (Available Profiles: Jitka & Martinek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Windows\System32\Drivers\BtAudioBus.sys
File: C:\Windows\System32\Drivers\BtL2caScoIf.sys

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {170d3cd0-9a76-11e6-bee7-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {1ed8f561-5439-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f6554-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65ba-d036-11e7-beec-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {2a2f65c4-d036-11e7-beec-70188b45893e} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {454f5b82-e938-11e5-bee1-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b79-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {486d5b82-d3a7-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {4a42ff50-48b2-11e5-bed7-70188b45893e} - "H:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {6257f6bd-bae3-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {7d89cc54-5339-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {94c0bd75-88d4-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {9c7659e8-8f71-11e8-bef1-e2d383dbce61} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594149-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b6594151-4bbf-11e8-beef-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6da5d-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {b9b6e9fa-1a26-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {c4765a1e-d263-11e5-bee0-70188b45893e} - "F:\autorun.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {d1d3b51b-809c-11e6-bee6-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e282bbd9-7e6c-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {e5165bad-cd3d-11e8-bef8-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef32e5d3-5423-11e3-be7c-70188b45893e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470bda-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef470be9-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-797450051-102285635-2811792732-1001\...\MountPoints2: {ef471913-8ef1-11e7-beea-70188b45893e} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-797450051-102285635-2811792732-1001 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150818.025\EX64.SYS [X]
CustomCLSID: HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Jitka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe <==== ATTENTION
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {21784ECA-C0C5-43A5-B099-045DD1B307E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C46E480-050E-4D82-91BD-BA22EDA30E1E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {F6D05DA7-915B-42D5-8DE9-30B753C58046} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Corporation)

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========


========= End of Powershell: =========


========================= File: C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe ========================

C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
File not signed
MD5: E548929868BDFD3FC13B46D99605B764
Creation and modification date: 2017-07-26 08:58 - 2017-07-26 08:58
Size: 000192200
Attributes: ----A
Company Name:
Internal Name: DCSHOST
Original Name: HuaweiHiSuiteService.EXE
Product: HuaweiHiSuiteService
Description: HuaweiHiSuiteService
File Version: 2, 0, 0, 42
Product Version: 2, 0, 0, 42
Copyright: Copyright (C) 2008
VirusTotal: https://www.virustotal.com/file/737c8a1 ... 538649226/

====== End of File: ======


========================= File: C:\Program Files\Intel\iCLS Client\HeciServer.exe ========================

C:\Program Files\Intel\iCLS Client\HeciServer.exe
File not signed
MD5: 0DB1E3F6189C628675F855C0EB510419
Creation and modification date: 2013-05-11 17:45 - 2013-05-11 17:45
Size: 000733696
Attributes: ----A
Company Name: Intel(R) Corporation
Internal Name: HeciServer
Original Name: HeciServer.exe
Product: Intel(R) Capability Licensing Service Interface
Description: Intel(R) Capability Licensing Service Interface
File Version: 1.28.487.1 sys_sysscbld
Product Version: 1,28,487,1
Copyright: (C) Copyright Intel(R) Corporation
VirusTotal: https://www.virustotal.com/file/989f539 ... 543809741/

====== End of File: ======


========================= File: C:\Windows\System32\Drivers\BtAudioBus.sys ========================

"C:\Windows\System32\Drivers\BtAudioBus.sys" => not found
====== End of File: ======


========================= File: C:\Windows\System32\Drivers\BtL2caScoIf.sys ========================

"C:\Windows\System32\Drivers\BtL2caScoIf.sys" => not found
====== End of File: ======

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => removed successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{170d3cd0-9a76-11e6-bee7-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{170d3cd0-9a76-11e6-bee7-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed8f561-5439-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{1ed8f561-5439-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f6554-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f6554-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f65ba-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f65ba-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a2f65c4-d036-11e7-beec-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{2a2f65c4-d036-11e7-beec-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454f5b82-e938-11e5-bee1-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{454f5b82-e938-11e5-bee1-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{486d5b79-d3a7-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{486d5b79-d3a7-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{486d5b82-d3a7-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{486d5b82-d3a7-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a42ff50-48b2-11e5-bed7-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{4a42ff50-48b2-11e5-bed7-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6257f6bd-bae3-11e5-bee0-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{6257f6bd-bae3-11e5-bee0-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d89cc54-5339-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{7d89cc54-5339-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94c0bd75-88d4-11e8-bef1-e2d383dbce61} => removed successfully
HKLM\Software\Classes\CLSID\{94c0bd75-88d4-11e8-bef1-e2d383dbce61} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c7659e8-8f71-11e8-bef1-e2d383dbce61} => removed successfully
HKLM\Software\Classes\CLSID\{9c7659e8-8f71-11e8-bef1-e2d383dbce61} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6594149-4bbf-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b6594149-4bbf-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6594151-4bbf-11e8-beef-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b6594151-4bbf-11e8-beef-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b6da5d-1a26-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b9b6da5d-1a26-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9b6e9fa-1a26-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{b9b6e9fa-1a26-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4765a1e-d263-11e5-bee0-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{c4765a1e-d263-11e5-bee0-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d3b51b-809c-11e6-bee6-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{d1d3b51b-809c-11e6-bee6-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e282bbd9-7e6c-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{e282bbd9-7e6c-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5165bad-cd3d-11e8-bef8-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{e5165bad-cd3d-11e8-bef8-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef32e5d3-5423-11e3-be7c-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef32e5d3-5423-11e3-be7c-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef470bda-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef470bda-8ef1-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef470be9-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef470be9-8ef1-11e7-beea-70188b45893e} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef471913-8ef1-11e7-beea-70188b45893e} => removed successfully
HKLM\Software\Classes\CLSID\{ef471913-8ef1-11e7-beea-70188b45893e} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => removed successfully
HKLM\Software\Classes\CLSID\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => removed successfully
HKLM\System\CurrentControlSet\Services\BtAudioBusSrv => removed successfully
BtAudioBusSrv => service removed successfully
HKLM\System\CurrentControlSet\Services\BthL2caScoIfSrv => removed successfully
BthL2caScoIfSrv => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => removed successfully
NAVEX15 => service removed successfully
HKU\S-1-5-21-797450051-102285635-2811792732-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21784ECA-C0C5-43A5-B099-045DD1B307E8}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C46E480-050E-4D82-91BD-BA22EDA30E1E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE5717CE-F4CC-4CF8-B554-B5B4C9E36DFB}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D05DA7-915B-42D5-8DE9-30B753C58046}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62874108 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 1928993533 B
Edge => 0 B
Chrome => 0 B
Firefox => 1109687135 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3838137 B
LocalService => 6760829 B
NetworkService => 1706036 B
Jitka => 3828210491 B
Martinek => 12874 B

RecycleBin => 175213857 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:35:52 ====

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#10 Post by Conder »

:arrow: How does the PC look? Has anything changed, or are there still any problems?

:arrow: I recommend uninstalling the program "McAfee WebAdvisor" if you don't need/use it.

:arrow: I recommend installing all important updates via Windows Update.

Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Martin.Horacek
Visitor
Visitor
Posts: 19
Registered: 29 Dec 2018 11:01

Re: Requesting a preventive check

#11 Post by Martin.Horacek »

Hi, all the best in the new year! Thanks for the advice. The computer runs more or less normally. It is still on the slow side, but could that be Avast checking every action?

I'll uninstall McAfee and will definitely run Windows Update.

May I just ask: were there any serious nasties on it? Trojans, or something hidden that could have been sending information somewhere? Anything that would have something in common with the occamy.c or zpevdo.a trojans?

Thanks once again.
M.

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#12 Post by Conder »

Thanks, I also wish you all the best for the new year :)

According to the logs the PC looks clean; I didn't see any malware there. We basically only cleaned out unnecessary stuff.

It's hard to say what specifically is slowing the PC down, but in any case it shouldn't be malware. We can try one more scan. Malwarebytes is also installed on the PC; I assume you have already scanned the PC with it too, right?

:arrow: Download ESET Online Scanner and save it to the desktop: Czech version | Slovak version
  • Accept the license terms
  • Select the option Enable detection of potentially unwanted applications
  • Open the advanced settings
  • Tick the first option, Enable detection of potentially unsafe applications
  • Click Scan or Start
  • Wait for it to finish - this scan can take even several hours (depends on the size and speed of the disks)
  • If anything is found:
    • Click Save to text file
    • Enter a name, e.g. "eset", and save the log to the desktop
    • Copy the contents of that log here

Martin.Horacek
Visitor
Visitor
Posts: 19
Registered: 29 Dec 2018 11:01

Re: Requesting a preventive check

#13 Post by Martin.Horacek »

Hi,

McAfee is gone, and all Windows updates are installed. Looking at Task Manager, it really does seem to me that Avast checks every single action, and what slows the PC down is mainly disk load.

I'll try ESET when I get home. Just one tiny question: when we were scanning the PC, couldn't Avast have interfered with it all during the scan and perhaps 'hidden' some threat? (If I'm talking nonsense now, sorry :))

Thanks, I'll report back on how the ESET scan turned out.
Martin

P.S. I ran Malwarebytes earlier and it found those threats relating to the occamy.c and zpevdo.a trojans and quarantined them right away.

Conder
VIP
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Requesting a preventive check

#14 Post by Conder »

:arrow: In Malwarebytes, in the Reports section, there should be a log from that; export it and send that one too.

:arrow: Avast, as an antivirus, shouldn't hide threats (that is exactly what rootkits do); on the contrary, it should remove them and display a warning.

:arrow: So we'll still wait for the ESET result.

Martin.Horacek
Visitor
Visitor
Posts: 19
Registered: 29 Dec 2018 11:01

Re: Requesting a preventive check

#15 Post by Martin.Horacek »

Hi, sorry for the late reply, but I wasn't home just now.

Here is the log from ESET:
5. 1. 2019 22:22:05
Zkontrolováno souborů: 371456
Infikovaných souborů: 2
Vyléčeno hrozeb: 2
Celkový čas kontroly 02:24:51
Stav kontroly: Dokončeno
C:\Program Files (x86)\Free Sound Recorder\goup.exe varianta infiltrace Win32/Meikehuayi.A potenciálně nechtěná aplikace vyléčen smazáním
C:\ProgramData\PDF Architect 4\Installation\PDFArchitect4Installer.exe varianta infiltrace Win32/LuluSoftware.A potenciálně nechtěná aplikace vyléčen smazáním


And here is the one from MWB:


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 29.12.18
Čas skenování: 9:05
Logovací soubor: 779ca6c8-0b40-11e9-8c8d-70188b45893e.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.508
Aktualizovat verzi balíku komponent: 1.0.8543
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Nunanek\Jitka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 297663
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 5
Uplynulý čas: 11 min, 7 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\CSASTATS\ic, V karanténě, [414], [586068],1.0.8543

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 4
PUP.Optional.Monetizer, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\IS-IGQO0.TMP\CBSTUB.EXE, V karanténě, [8083], [140604],1.0.8543
PUP.Optional.PerformerSoft, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\СODEC PERFORMER.EXE, V karanténě, [527], [301146],1.0.8543
Generic.Malware/Suspicious, C:\USERS\JITKA\DESKTOP\INPA.lnk, V karanténě, [0], [392686],1.0.8543
Generic.Malware/Suspicious, C:\EC-APPS\INPA\INPA.EXE, V karanténě, [0], [392686],1.0.8543

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Thanks a lot.

Reply
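A triage helper for the Malwarebytes report posted in #15, added here as an example (it is not part of the thread or of any Malwarebytes tooling): it separates PUP detections from other detections and flags scan options that limit what the result covers, such as the `Rootkity: Zakázáno` (rootkit scanning disabled) line. It assumes the Czech-language text export layout shown in that post; the sample is constructed from that report's own lines.

```python
import re

# Constructed sample: option and detection lines taken from the report above.
SAMPLE = r"""-Možnosti skenování-
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno

-Podrobnosti skenování-
Klíč registru: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-797450051-102285635-2811792732-1001\SOFTWARE\CSASTATS\ic, V karanténě, [414], [586068],1.0.8543

Soubor: 4
PUP.Optional.Monetizer, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\IS-IGQO0.TMP\CBSTUB.EXE, V karanténě, [8083], [140604],1.0.8543
PUP.Optional.PerformerSoft, C:\USERS\JITKA\APPDATA\LOCAL\TEMP\СODEC PERFORMER.EXE, V karanténě, [527], [301146],1.0.8543
Generic.Malware/Suspicious, C:\USERS\JITKA\DESKTOP\INPA.lnk, V karanténě, [0], [392686],1.0.8543
Generic.Malware/Suspicious, C:\EC-APPS\INPA\INPA.EXE, V karanténě, [0], [392686],1.0.8543
"""

SECTION = re.compile(r"^-(.+)-$")
OPTION = re.compile(r"^([^:]+): (.+)$")
# Layout assumed from the post: name, path, status, [id], [id],database version
DETECTION = re.compile(
    r"^(?P<name>[\w./]+), (?P<path>.+), (?P<status>[^,]+), \[\d+\], \[\d+\],[\d.]+$")

def triage(report):
    """Return (scan options, detections by class, caveats about scan coverage)."""
    options, section = {}, None
    found = {"pup": [], "other": []}
    for line in map(str.strip, report.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := DETECTION.match(line):
            kind = "pup" if m["name"].startswith("PUP.") else "other"
            found[kind].append((m["name"], m["path"], m["status"]))
        elif section == "Možnosti skenování" and (m := OPTION.match(line)):
            options[m.group(1)] = m.group(2)
    caveats = []
    if options.get("Rootkity") == "Zakázáno":
        caveats.append("rootkit scan disabled: result does not cover rootkits")
    for name, path, status in found["pup"] + found["other"]:
        if status != "V karanténě":
            caveats.append(f"not quarantined: {name} at {path}")
    return options, found, caveats

if __name__ == "__main__":
    opts, found, caveats = triage(SAMPLE)
    print(len(found["pup"]), "PUP,", len(found["other"]), "other;", caveats)
```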