VIRY.CZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.01.2019
Ran by Kapucky (administrator) on KAPUCKY-PC (06-01-2019 22:21:48)
Running from C:\Users\Kapucky\Downloads
Loaded Profiles: Kapucky (Available Profiles: Kapucky)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [Dropbox Update] => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc.)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [AvastBrowserAutoLaunch_904A5F03167E69BAD41F43FACF0E9E10] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1827112 2018-12-04] (AVAST Software)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} - G:\SETUP.EXE
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {7841e297-c564-11e3-bd3e-d43d7ee1c9d5} - F:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} - E:\AutoRun.exe
HKLM\...\Drivers32-x32: [VIDC.DVSD] => C:\Windows\SysWOW64\pdvcodec.dll [215552 2000-11-21] (Matsushita Electric Industrial Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\Installer\chrmstp.exe [2019-01-04] (AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-12-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.103.65 10.1.1.1
Tcpip\..\Interfaces\{D5562BC4-A715-4AEA-A9A3-C04A259A9312}: [DhcpNameServer] 10.1.103.65 10.1.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
IE Session Restore: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001 -> is enabled.
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Kapucky\AppData\Roaming\Oxford University Press\OxfordGrammarForSchools1\Profiles\gkl5qly9.default [2014-12-16]
FF ProfilePath: C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default [2019-01-06]
FF Homepage: Mozilla\Firefox\Profiles\2zizny6g.default -> hxxp://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\2zizny6g.default -> is enabled.
FF Extension: (Avast Passwords) - C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-13]
FF Extension: (Avast Online Security) - C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default\Extensions\wrc@avast.com.xpi [2018-08-06]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-10] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2525883802-2620883698-3047885965-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kapucky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default [2019-01-06]
CHR Extension: (Dokumenty) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Avast Passwords) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-12-20]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-06] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-13] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-06] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-13] (AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 ssinstall; C:\Windows\SysWOW64\ssins.exe [4696960 2016-11-23] (PS Media s.r.o.)
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-06] (AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-06] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [220688 2019-01-06] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-06] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-06] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-06] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-06] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166472 2019-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-06] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-06] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-06] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-06] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-09] (Disc Soft Ltd)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2008-01-20] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 22:21 - 2019-01-06 22:22 - 000018364 _____ C:\Users\Kapucky\Downloads\FRST.txt
2019-01-06 22:20 - 2019-01-06 22:21 - 000000000 ____D C:\FRST
2019-01-06 22:20 - 2019-01-06 22:20 - 002425856 _____ (Farbar) C:\Users\Kapucky\Downloads\FRST64.exe
2019-01-06 22:16 - 2019-01-06 22:16 - 632286154 _____ C:\Windows\MEMORY.DMP
2019-01-06 22:16 - 2019-01-06 22:16 - 000441304 _____ C:\Windows\Minidump\010619-16458-01.dmp
2019-01-06 22:16 - 2019-01-06 22:16 - 000072100 _____ C:\Windows\ntbtlog.txt
2019-01-06 17:20 - 2019-01-06 17:18 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000220688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-06 17:19 - 2019-01-06 17:19 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-12-14 04:00 - 2018-12-14 04:00 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 22:16 - 2014-11-16 10:38 - 000000000 ____D C:\Windows\Minidump
2019-01-06 22:15 - 2018-03-04 08:15 - 000000000 ____D C:\Users\Kapucky\AppData\Local\AVAST Software
2019-01-06 22:14 - 2014-01-15 16:28 - 000000000 ___RD C:\Users\Kapucky\Dropbox
2019-01-06 22:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-06 20:27 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-06 20:27 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-06 20:21 - 2016-11-14 13:12 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a.job
2019-01-06 20:21 - 2016-11-14 13:12 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51.job
2019-01-06 20:15 - 2016-11-20 19:07 - 000000000 ____D C:\Users\Kapucky\AppData\LocalLow\Mozilla
2019-01-06 20:12 - 2018-08-20 15:24 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-06 20:12 - 2018-08-20 15:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-06 20:12 - 2017-03-02 11:59 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-01-06 20:12 - 2016-11-14 13:12 - 000003910 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a
2019-01-06 20:12 - 2016-11-14 13:12 - 000003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51
2019-01-06 20:12 - 2015-12-09 14:40 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d132872b3abd06
2019-01-06 20:12 - 2015-12-09 14:40 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d13287275ed3ef
2019-01-06 20:12 - 2015-12-03 19:03 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-06 20:12 - 2015-11-11 16:58 - 000003290 _____ C:\Windows\System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8}
2019-01-06 18:22 - 2016-10-09 11:08 - 000000000 ____D C:\Program Files\WinRAR
2019-01-06 18:22 - 2016-10-09 11:07 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2019-01-06 18:22 - 2016-10-09 11:07 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-06 18:22 - 2016-10-09 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-06 18:22 - 2016-10-09 11:06 - 000000000 ____D C:\Program Files (x86)\WinRAR
2019-01-06 18:22 - 2014-01-10 17:06 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-06 18:22 - 2014-01-10 17:06 - 000000000 ____D C:\Program Files\CCleaner
2019-01-06 18:22 - 2014-01-10 16:49 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-06 18:22 - 2014-01-10 16:49 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-06 18:22 - 2014-01-10 16:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-06 18:22 - 2014-01-10 16:49 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-06 17:20 - 2017-03-27 21:19 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-06 17:19 - 2018-10-21 08:56 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-06 17:19 - 2018-01-09 18:35 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-06 17:19 - 2017-11-10 19:05 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000166472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-06 17:18 - 2015-01-07 09:49 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-04 03:57 - 2018-05-13 14:52 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-12-20 22:07 - 2011-04-12 09:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-12-20 22:07 - 2011-04-12 09:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-12-20 22:07 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-20 22:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-20 18:54 - 2014-08-27 06:38 - 000000000 ____D C:\Users\Kapucky\AppData\Local\Adobe
2018-12-18 03:58 - 2014-01-10 16:52 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-16 19:21 - 2018-02-04 21:01 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-16 19:21 - 2018-02-04 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-16 19:17 - 2016-11-20 17:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 19:17 - 2014-01-10 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 04:00 - 2014-01-15 16:26 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2016-01-07 17:07 - 2016-01-07 17:07 - 000000016 ____H () C:\Users\Kapucky\AppData\Local\citpt.dat
2014-06-16 15:36 - 2018-11-21 22:45 - 000019456 _____ () C:\Users\Kapucky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2015-12-11 12:02 - 2015-12-11 12:02 - 000071168 _____ () C:\Users\Kapucky\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz6l1cz.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000027448 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000030008 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 14:06 - 2015-11-12 14:06 - 001898640 _____ (Irfan Skiljan) C:\Users\Kapucky\AppData\Local\Temp\iview438_setup.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-08-25 14:06 - 2016-08-25 14:06 - 000741440 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-19 22:06 - 2016-10-19 22:06 - 000737856 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-20 16:02 - 2017-01-20 16:02 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-26 15:42 - 2017-04-26 15:42 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-03 15:17 - 2017-08-03 15:17 - 000740416 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-29 21:56 - 2017-10-29 21:56 - 001856576 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-06-04 12:03 - 2018-06-04 12:03 - 001884616 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-30 15:18 - 2018-07-30 15:18 - 001906040 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-10-18 17:52 - 2018-10-18 17:52 - 001892728 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u191-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 000641448 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-07-20 14:37 - 2015-07-20 14:37 - 000563808 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-28 00:07 - 2015-08-28 00:07 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-21 13:39 - 2015-10-21 13:39 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-24 21:10 - 2015-11-24 21:10 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-26 13:56 - 2016-01-26 13:56 - 000644704 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-09 13:22 - 2016-02-09 13:22 - 000736352 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-29 11:54 - 2016-03-29 11:54 - 000736320 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-27 08:11 - 2016-04-27 08:11 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u91-windows-au.exe
2010-06-09 01:24 - 2010-06-09 01:24 - 000149352 ____R (Microsoft Corporation) C:\Users\Kapucky\AppData\Local\Temp\ose00000.exe
2018-05-13 14:55 - 2018-05-13 14:51 - 002758672 _____ () C:\Users\Kapucky\AppData\Local\Temp\removeSZB.exe
2015-05-15 15:57 - 2015-05-15 15:57 - 000033080 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000032056 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\SDShelEx-x64.dll
2015-01-02 15:21 - 2016-05-11 21:48 - 045198968 _____ (Skype Technologies S.A.) C:\Users\Kapucky\AppData\Local\Temp\SkypeSetup.exe
2015-11-12 14:06 - 2016-11-23 12:59 - 004696960 _____ (PS Media s.r.o.) C:\Users\Kapucky\AppData\Local\Temp\ssins.exe
2016-09-15 20:29 - 2016-09-15 20:45 - 070514752 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{A3EAF2C9-289D-40D6-B943-A3F3AB89AAE4}-DropboxClient_10.4.25.exe
2016-04-14 11:15 - 2016-04-14 11:16 - 068205976 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{A582CCFC-3632-432F-96F0-B6810A52C946}-DropboxClient_3.18.1.exe
2016-10-07 05:41 - 2016-10-07 05:43 - 070395576 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{F6CD4B2C-8D48-4478-BACF-C1C10C0B75B1}-DropboxClient_11.4.22.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 00:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.01.2019
Ran by Kapucky (06-01-2019 22:22:41)
Running from C:\Users\Kapucky\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-10 14:52:40)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2525883802-2620883698-3047885965-500 - Administrator - Disabled)
Guest (S-1-5-21-2525883802-2620883698-3047885965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2525883802-2620883698-3047885965-1003 - Limited - Enabled)
Kapucky (S-1-5-21-2525883802-2620883698-3047885965-1001 - Administrator - Enabled) => C:\Users\Kapucky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.1.973.110 - AVAST Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Cubify Invent (HKLM-x32\...\{603AFBD1-85BB-4BCD-B42E-E1BD1C34652C}) (Version: 1.0.0.10007 - 3D Systems)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DolbyFiles (HKLM-x32\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 0.1 - Nero AG) Hidden
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
Dropbox (HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Dropbox) (Version: 63.4.107 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Codec Pack 9.4.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotionDV STUDIO 5.3E LE for DV (HKLM-x32\...\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}) (Version: - )
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Tag (HKLM-x32\...\{2ADBD0DD-F146-413E-8C3A-285592BD10F0}) (Version: 2.08 - Wide Angle Software)
Nero 9 Essentials (HKLM-x32\...\{baf459c9-fe42-429a-ab4f-7fab4348549c}) (Version: - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Oxford Grammar for Schools 1 (HKLM-x32\...\Oxford Grammar for Schools 1 1.0) (Version: 1.0 - Oxford University Press)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Recepty doma (HKLM-x32\...\Recepty doma_is1) (Version: - Martin Roubec)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.36 (HKLM-x32\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
Splash Lite (HKLM-x32\...\{8B4A6011-BB10-4918-B561-3F6CF5712B37}) (Version: 1.7.1 - Mirillis)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Zacek v2.1 (HKLM-x32\...\Zacek v2.1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-07-16] (Nero AG)
ContextMenuHandlers1-x32-x32: [PDFArchitectExtension] -> {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9} => C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [2013-04-08] (pdfforge GmbH)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0007A619-1F16-41CB-AD42-0C58D66FFE5C} - System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe -d C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}
Task: {0171FEA5-A136-49D0-A63A-043D98EB7767} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-20] (Adobe Systems Incorporated)
Task: {0FDAF20A-39E2-468A-ACA4-FD13E144FE97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-06] (AVAST Software)
Task: {13630C59-C6AD-4F3E-887A-3715AB0AE2B0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-02] (AVAST Software)
Task: {17F07F9E-C75D-4D7E-A323-46E0D8ED7E15} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-16] (Adobe Systems Incorporated)
Task: {187861B2-37AF-44D9-B122-13AE888CDD14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51 => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-14] (Dropbox, Inc.)
Task: {277481F7-373C-432B-B252-5E055B9F7EF1} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {288CCB3B-1D85-46CA-9E7A-2BD5CD0A3FA7} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8efec4ce9532 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4D0CAA7A-8200-4504-B960-3A2659ACD595} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {5599DA96-1DD8-4E44-A392-EAB9C684921E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-14] (Dropbox, Inc.)
Task: {61889AB3-7464-4D81-A818-20E10736AE79} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-13] (AVAST Software)
Task: {6A9027A0-5682-4CF1-8F8A-1BC2769D4EEF} - System32\Tasks\GoogleUpdateTaskMachineCore1d13287275ed3ef => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {753324D8-CC82-4AB9-9F39-AF6FE6933191} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-13] (AVAST Software)
Task: {935ACA67-01B2-4012-B358-CB71EDF16088} - System32\Tasks\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65} => C:\Windows\system32\pcalua.exe -a D:\MDVS\Setup\Setup.exe -d D:\MDVS\Setup
Task: {94E6DD1F-AEAF-4342-9A7E-64502D946081} - System32\Tasks\GoogleUpdateTaskMachineUA1d132872b3abd06 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9FB21CDB-DAEB-42A8-95CD-AF1736E5217F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B420F967-557D-4220-8CDF-D3372CF0C96A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-06] (Adobe Systems Incorporated)
Task: {B66C100E-71AC-4DB5-A8A2-C19C11EFCC3F} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff784c491cd1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEF99ECA-3DE9-4A9D-98D7-F7EC67FAFF0C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8efec4e662f5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CEF586B9-CB2C-4AD8-9B91-E391247A3A0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {DF839088-43F5-46D0-97FB-1949184A9FC3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51.job => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a.job => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8efec4ce9532.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8efec4e662f5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff784c491cd1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Kapucky\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2019-01-04 03:57 - 2018-12-04 12:43 - 002294000 _____ () C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\swiftshader\libglesv2.dll
2019-01-04 03:57 - 2018-12-04 12:43 - 000138120 _____ () C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-04 08:46 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.103.65 - 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2E1FA47-F50C-4ABC-A535-4B7381667040}] => (Allow) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{187E555F-5530-4B8B-A2B8-0A075E1E2975}] => (Allow) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{DC901452-A5BB-4169-8A54-969F3819FC72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DD45A6E7-E89A-4366-A7E5-DBF334FFB764}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{4974BDCE-E7E1-4056-B452-F75BC641BC03}C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc.)
FirewallRules: [UDP Query User{6C13A6CD-0297-470D-9615-3FCCDE8B225E}C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc.)
FirewallRules: [{2A5F8BDD-999B-4577-BD14-284DC831FD7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{B9C35F5E-352C-4A6A-A465-9DD6B143A16E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2DA3FE81-5CED-41BA-9BDF-AAD444139318}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [{97C90EE2-C152-406E-92F7-CD835AA8D173}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [TCP Query User{8392FB0C-6568-4128-9906-B64BFD8B1213}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe ()
FirewallRules: [UDP Query User{1AE69F48-14DA-4CA3-8E26-A60130C70AF5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe ()
FirewallRules: [{E4C588A8-ED05-4E57-A3C6-6B1CBBB9417B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{985A8218-906F-4BA3-B69E-638661158904}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{50A2ECC0-3925-4F22-A323-769D1C57CFDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{DAD4C143-6401-4EFF-A133-F1CF0C5165CB}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
FirewallRules: [{03FC888E-64D7-4814-AE09-64195C65D78D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{7FB7183D-A3FE-4C7F-9E85-D54E9C9FB617}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{028A0FF3-16EB-4627-8BEB-D0EF3CE99AA0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{55B43BEB-56C1-47F7-8BBD-7FAF62B760BF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

17-12-2018 00:13:05 Naplánovaný kontrolní bod
29-12-2018 16:48:38 Naplánovaný kontrolní bod
06-01-2019 19:55:07 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2019 10:18:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2019 10:13:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/06/2019 08:21:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/06/2019 08:21:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/06/2019 08:21:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/06/2019 08:21:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (01/06/2019 08:21:44 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/06/2019 08:21:44 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:20:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:19:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (01/06/2019 10:19:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


Windows Defender:
===================================
Date: 2016-08-26 13:21:09.927
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x8050800d
Popis chyby:Některé položky historie nelze zobrazit. Počkejte několik minut a akci opakujte. Pokud tento postup nefunguje, vymažte historii a opakujte pokus.
Verze podpisu:1.227.706.0
Verze modulu:1.1.13000.0

Date: 2016-03-05 09:41:55.330
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2016-03-05 09:41:55.306
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci.
Nová verze podpisu:1.187.1007.0
Předchozí verze podpisu:
Zdroj aktualizace:Složka aktualizace podpisů
Typ podpisu:Antispywarový program
Typ aktualizace:Úplné
Uživatel:NT AUTHORITY\SYSTEM
Aktuální verze modulu:1.1.10401.0
Předchozí verze modulu:
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2016-03-05 09:41:55.306
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.10401.0
Předchozí verze modulu:
Zdroj aktualizace:Složka aktualizace podpisů
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2015-11-11 19:03:50.700
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-11 18:44:27.345
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:27.127
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.940
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.799
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.409
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:29:21.214
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:29:20.996
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 7374.98 MB
Available physical RAM: 6135.89 MB
Total Virtual: 14748.15 MB
Available Virtual: 13507.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.32 GB) (Free:788.86 GB) NTFS
Drive f: (Bebuscha&Kaaposch) (Fixed) (Total:931.48 GB) (Free:268.1 GB) NTFS
Drive g: (KAAPOSCH1TB) (Fixed) (Total:931.28 GB) (Free:894.91 GB) FAT32

\\?\Volume{29c9d0b5-7a05-11e3-a8cc-806e6f6e6963}\ () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D3829413)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FC622B53)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: B0FE7CAB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-07-2019
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 38
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Kapucky\AppData\Roaming\RHEng
Deleted C:\Program Files (x86)\DAEMON Tools Toolbar

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\AppDataLow\Software\Smartbar
Not Deleted HKLM\Software\Microsoft\Internet Explorer\Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar|{25A3A431-30BB-47C8-AD6A-E1063801134F}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zbozi.akcniceny.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.vinice-hnanice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.tobias-ucebnice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.stavebnice4u.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.srovnanicen.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.onlinepohlednice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.levneucebnice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.akcniceny.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vinice-hnanice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ucebnice.fraus.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tobias-ucebnice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\stavebnice4u.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\srovnanicen.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sperkovnice.hledejceny.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sperkovnice.heureka.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\onlinepohlednice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\levneucebnice.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lednice.heureka.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\kik.akcniceny.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akcniceny.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovit.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\auta.trovit.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zs-snp-v-hk.webnode.cz
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\warthunder.com
Deleted HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted DAEMON Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5395 octets] - [07/01/2019 07:03:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Poprosim o obidva nove logy z FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.01.2019
Ran by Kapucky (administrator) on KAPUCKY-PC (08-01-2019 21:57:26)
Running from C:\Users\Kapucky\Desktop
Loaded Profiles: Kapucky (Available Profiles: Kapucky)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Dropbox, Inc.) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6469736 2012-03-06] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-06] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [Dropbox Update] => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-14] (Dropbox, Inc.)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [54788456 2018-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Run: [AvastBrowserAutoLaunch_904A5F03167E69BAD41F43FACF0E9E10] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1827112 2018-12-04] (AVAST Software)
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} - G:\SETUP.EXE
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {7841e297-c564-11e3-bd3e-d43d7ee1c9d5} - F:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} - E:\AutoRun.exe
HKLM\...\Drivers32-x32: [VIDC.DVSD] => C:\Windows\SysWOW64\pdvcodec.dll [215552 2000-11-21] (Matsushita Electric Industrial Co., Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\70.1.973.110\Installer\chrmstp.exe [2019-01-04] (AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-12-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.103.65 10.1.1.1
Tcpip\..\Interfaces\{D5562BC4-A715-4AEA-A9A3-C04A259A9312}: [DhcpNameServer] 10.1.103.65 10.1.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
IE Session Restore: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001 -> is enabled.
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Kapucky\AppData\Roaming\Oxford University Press\OxfordGrammarForSchools1\Profiles\gkl5qly9.default [2014-12-16]
FF ProfilePath: C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default [2019-01-08]
FF Homepage: Mozilla\Firefox\Profiles\2zizny6g.default -> hxxp://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\2zizny6g.default -> is enabled.
FF Extension: (Avast Passwords) - C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-13]
FF Extension: (Avast Online Security) - C:\Users\Kapucky\AppData\Roaming\Mozilla\Firefox\Profiles\2zizny6g.default\Extensions\wrc@avast.com.xpi [2019-01-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-10] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2525883802-2620883698-3047885965-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kapucky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Dokumenty) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Avast Passwords) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-12-20]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-12-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Kapucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-06] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-13] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-06] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-13] (AVAST Software)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ssinstall; C:\Windows\SysWOW64\ssins.exe [4696960 2016-11-23] (PS Media s.r.o.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-06] (AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-06] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [220688 2019-01-06] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-06] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-06] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-06] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-06] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-06] (AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166472 2019-01-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-06] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-06] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-09] (Disc Soft Ltd)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2008-01-20] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 21:57 - 2019-01-08 21:57 - 000018753 _____ C:\Users\Kapucky\Desktop\FRST.txt
2019-01-08 21:57 - 2019-01-08 21:57 - 000000000 ____D C:\Users\Kapucky\Desktop\FRST-OlderVersion
2019-01-07 07:02 - 2019-01-07 07:04 - 000000000 ____D C:\AdwCleaner
2019-01-07 07:02 - 2019-01-07 07:01 - 007320272 _____ (Malwarebytes) C:\Users\Kapucky\Desktop\adwcleaner_7.2.6.0.exe
2019-01-07 07:00 - 2019-01-07 07:01 - 007320272 _____ (Malwarebytes) C:\Users\Kapucky\Downloads\adwcleaner_7.2.6.0.exe
2019-01-06 22:22 - 2019-01-06 22:23 - 000041354 _____ C:\Users\Kapucky\Downloads\Addition.txt
2019-01-06 22:21 - 2019-01-06 22:23 - 000031762 _____ C:\Users\Kapucky\Downloads\FRST.txt
2019-01-06 22:20 - 2019-01-08 21:57 - 002424832 _____ (Farbar) C:\Users\Kapucky\Desktop\FRST64.exe
2019-01-06 22:20 - 2019-01-08 21:57 - 000000000 ____D C:\FRST
2019-01-06 22:16 - 2019-01-06 22:16 - 632286154 _____ C:\Windows\MEMORY.DMP
2019-01-06 22:16 - 2019-01-06 22:16 - 000441304 _____ C:\Windows\Minidump\010619-16458-01.dmp
2019-01-06 22:16 - 2019-01-06 22:16 - 000072100 _____ C:\Windows\ntbtlog.txt
2019-01-06 17:20 - 2019-01-06 17:18 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000220688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-06 17:20 - 2019-01-06 17:18 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-06 17:19 - 2019-01-06 17:19 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-12-14 04:00 - 2018-12-14 04:00 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 21:49 - 2016-11-14 13:12 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a.job
2019-01-08 20:49 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-08 20:49 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-08 20:43 - 2018-08-20 15:24 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-01-08 20:43 - 2018-08-20 15:23 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-08 20:43 - 2017-03-02 11:59 - 000004524 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-01-08 20:43 - 2016-11-14 13:12 - 000003910 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a
2019-01-08 20:43 - 2016-11-14 13:12 - 000003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51
2019-01-08 20:43 - 2016-11-14 13:12 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51.job
2019-01-08 20:43 - 2015-12-09 14:40 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d132872b3abd06
2019-01-08 20:43 - 2015-12-09 14:40 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d13287275ed3ef
2019-01-08 20:43 - 2015-12-03 19:03 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-08 20:43 - 2015-11-11 16:58 - 000003290 _____ C:\Windows\System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8}
2019-01-08 19:59 - 2016-11-20 19:07 - 000000000 ____D C:\Users\Kapucky\AppData\LocalLow\Mozilla
2019-01-08 19:49 - 2018-03-04 08:15 - 000000000 ____D C:\Users\Kapucky\AppData\Local\AVAST Software
2019-01-07 07:20 - 2014-01-15 16:28 - 000000000 ___RD C:\Users\Kapucky\Dropbox
2019-01-07 07:18 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-06 22:30 - 2015-08-31 12:11 - 000022016 ___SH C:\Users\Kapucky\Thumbs.db
2019-01-06 22:16 - 2014-11-16 10:38 - 000000000 ____D C:\Windows\Minidump
2019-01-06 18:22 - 2016-10-09 11:08 - 000000000 ____D C:\Program Files\WinRAR
2019-01-06 18:22 - 2016-10-09 11:07 - 000001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2019-01-06 18:22 - 2016-10-09 11:07 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-06 18:22 - 2016-10-09 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-01-06 18:22 - 2016-10-09 11:06 - 000000000 ____D C:\Program Files (x86)\WinRAR
2019-01-06 18:22 - 2014-01-10 17:06 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-06 18:22 - 2014-01-10 17:06 - 000000000 ____D C:\Program Files\CCleaner
2019-01-06 18:22 - 2014-01-10 16:49 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-01-06 18:22 - 2014-01-10 16:49 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-06 18:22 - 2014-01-10 16:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-01-06 18:22 - 2014-01-10 16:49 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-06 17:20 - 2017-03-27 21:19 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-06 17:19 - 2018-10-21 08:56 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-06 17:19 - 2018-01-09 18:35 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-06 17:19 - 2017-11-10 19:05 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000166472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-06 17:19 - 2015-01-07 09:49 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-06 17:18 - 2015-01-07 09:49 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-04 03:57 - 2018-05-13 14:52 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-12-20 22:07 - 2011-04-12 09:34 - 000668542 _____ C:\Windows\system32\perfh005.dat
2018-12-20 22:07 - 2011-04-12 09:34 - 000141202 _____ C:\Windows\system32\perfc005.dat
2018-12-20 22:07 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-20 22:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-20 18:54 - 2014-08-27 06:38 - 000000000 ____D C:\Users\Kapucky\AppData\Local\Adobe
2018-12-18 03:58 - 2014-01-10 16:52 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-16 19:21 - 2018-02-04 21:01 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2018-12-16 19:21 - 2018-02-04 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-12-16 19:17 - 2016-11-20 17:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 19:17 - 2014-01-10 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-14 04:00 - 2014-01-15 16:26 - 000000000 ____D C:\Users\Kapucky\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2016-01-07 17:07 - 2016-01-07 17:07 - 000000016 ____H () C:\Users\Kapucky\AppData\Local\citpt.dat
2014-06-16 15:36 - 2018-11-21 22:45 - 000019456 _____ () C:\Users\Kapucky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2015-12-11 12:02 - 2015-12-11 12:02 - 000071168 _____ () C:\Users\Kapucky\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz6l1cz.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000027448 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\DseShExt-x64.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000030008 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\DseShExt-x86.dll
2015-11-12 14:06 - 2015-11-12 14:06 - 001898640 _____ (Irfan Skiljan) C:\Users\Kapucky\AppData\Local\Temp\iview438_setup.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-08-25 14:06 - 2016-08-25 14:06 - 000741440 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-19 22:06 - 2016-10-19 22:06 - 000737856 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-20 16:02 - 2017-01-20 16:02 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-26 15:42 - 2017-04-26 15:42 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-03 15:17 - 2017-08-03 15:17 - 000740416 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-10-29 21:56 - 2017-10-29 21:56 - 001856576 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u151-windows-au.exe
2018-06-04 12:03 - 2018-06-04 12:03 - 001884616 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u171-windows-au.exe
2018-07-30 15:18 - 2018-07-30 15:18 - 001906040 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u181-windows-au.exe
2018-10-18 17:52 - 2018-10-18 17:52 - 001892728 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u191-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 000641448 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u31-windows-au.exe
2015-07-20 14:37 - 2015-07-20 14:37 - 000563808 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-28 00:07 - 2015-08-28 00:07 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-21 13:39 - 2015-10-21 13:39 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-24 21:10 - 2015-11-24 21:10 - 000585824 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-26 13:56 - 2016-01-26 13:56 - 000644704 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-09 13:22 - 2016-02-09 13:22 - 000736352 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-29 11:54 - 2016-03-29 11:54 - 000736320 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-27 08:11 - 2016-04-27 08:11 - 000739904 _____ (Oracle Corporation) C:\Users\Kapucky\AppData\Local\Temp\jre-8u91-windows-au.exe
2010-06-09 01:24 - 2010-06-09 01:24 - 000149352 ____R (Microsoft Corporation) C:\Users\Kapucky\AppData\Local\Temp\ose00000.exe
2018-05-13 14:55 - 2018-05-13 14:51 - 002758672 _____ () C:\Users\Kapucky\AppData\Local\Temp\removeSZB.exe
2015-05-15 15:57 - 2015-05-15 15:57 - 000033080 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\SDShelEx-win32.dll
2015-05-15 15:57 - 2015-05-15 15:57 - 000032056 _____ (AVG Technologies) C:\Users\Kapucky\AppData\Local\Temp\SDShelEx-x64.dll
2015-01-02 15:21 - 2016-05-11 21:48 - 045198968 _____ (Skype Technologies S.A.) C:\Users\Kapucky\AppData\Local\Temp\SkypeSetup.exe
2015-11-12 14:06 - 2016-11-23 12:59 - 004696960 _____ (PS Media s.r.o.) C:\Users\Kapucky\AppData\Local\Temp\ssins.exe
2016-09-15 20:29 - 2016-09-15 20:45 - 070514752 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{A3EAF2C9-289D-40D6-B943-A3F3AB89AAE4}-DropboxClient_10.4.25.exe
2016-04-14 11:15 - 2016-04-14 11:16 - 068205976 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{A582CCFC-3632-432F-96F0-B6810A52C946}-DropboxClient_3.18.1.exe
2016-10-07 05:41 - 2016-10-07 05:43 - 070395576 _____ (Dropbox, Inc.) C:\Users\Kapucky\AppData\Local\Temp\{F6CD4B2C-8D48-4478-BACF-C1C10C0B75B1}-DropboxClient_11.4.22.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-03 00:38

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.01.2019
Ran by Kapucky (08-01-2019 21:58:06)
Running from C:\Users\Kapucky\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-10 14:52:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2525883802-2620883698-3047885965-500 - Administrator - Disabled)
Guest (S-1-5-21-2525883802-2620883698-3047885965-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2525883802-2620883698-3047885965-1003 - Limited - Enabled)
Kapucky (S-1-5-21-2525883802-2620883698-3047885965-1001 - Administrator - Enabled) => C:\Users\Kapucky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 70.1.973.110 - AVAST Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Cubify Invent (HKLM-x32\...\{603AFBD1-85BB-4BCD-B42E-E1BD1C34652C}) (Version: 1.0.0.10007 - 3D Systems)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DolbyFiles (HKLM-x32\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 0.1 - Nero AG) Hidden
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
Dropbox (HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\Dropbox) (Version: 63.4.107 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Codec Pack 9.4.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotionDV STUDIO 5.3E LE for DV (HKLM-x32\...\{43F8F1E5-C740-4293-A309-EA9DD6474DB1}) (Version: - )
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Tag (HKLM-x32\...\{2ADBD0DD-F146-413E-8C3A-285592BD10F0}) (Version: 2.08 - Wide Angle Software)
Nero 9 Essentials (HKLM-x32\...\{baf459c9-fe42-429a-ab4f-7fab4348549c}) (Version: - Nero AG)
OpenOffice 4.0.1 (HKLM-x32\...\{220C463A-2890-4C7F-B97C-C49FE175B849}) (Version: 4.01.9714 - Apache Software Foundation)
Oxford Grammar for Schools 1 (HKLM-x32\...\Oxford Grammar for Schools 1 1.0) (Version: 1.0 - Oxford University Press)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Recepty doma (HKLM-x32\...\Recepty doma_is1) (Version: - Martin Roubec)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.36 (HKLM-x32\...\Skype_is1) (Version: 8.36 - Skype Technologies S.A.)
Splash Lite (HKLM-x32\...\{8B4A6011-BB10-4918-B561-3F6CF5712B37}) (Version: 1.7.1 - Mirillis)
Stamp ID3 Tag Editor (HKLM-x32\...\Stamp) (Version: 2.39 - NCH Software)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
WinRAR 5.61 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Zacek v2.1 (HKLM-x32\...\Zacek v2.1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2525883802-2620883698-3047885965-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-07-16] (Nero AG)
ContextMenuHandlers1-x32-x32: [PDFArchitectExtension] -> {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9} => C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [2013-04-08] (pdfforge GmbH)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-06] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2525883802-2620883698-3047885965-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.0.dll [2018-12-13] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0007A619-1F16-41CB-AD42-0C58D66FFE5C} - System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe -d C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}
Task: {0171FEA5-A136-49D0-A63A-043D98EB7767} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-20] (Adobe Systems Incorporated)
Task: {0FDAF20A-39E2-468A-ACA4-FD13E144FE97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-06] (AVAST Software)
Task: {13630C59-C6AD-4F3E-887A-3715AB0AE2B0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-02] (AVAST Software)
Task: {17F07F9E-C75D-4D7E-A323-46E0D8ED7E15} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe [2018-12-16] (Adobe Systems Incorporated)
Task: {187861B2-37AF-44D9-B122-13AE888CDD14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51 => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-14] (Dropbox, Inc.)
Task: {277481F7-373C-432B-B252-5E055B9F7EF1} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {288CCB3B-1D85-46CA-9E7A-2BD5CD0A3FA7} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8efec4ce9532 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4D0CAA7A-8200-4504-B960-3A2659ACD595} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {5599DA96-1DD8-4E44-A392-EAB9C684921E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-14] (Dropbox, Inc.)
Task: {61889AB3-7464-4D81-A818-20E10736AE79} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-13] (AVAST Software)
Task: {6A9027A0-5682-4CF1-8F8A-1BC2769D4EEF} - System32\Tasks\GoogleUpdateTaskMachineCore1d13287275ed3ef => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {753324D8-CC82-4AB9-9F39-AF6FE6933191} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-13] (AVAST Software)
Task: {935ACA67-01B2-4012-B358-CB71EDF16088} - System32\Tasks\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65} => C:\Windows\system32\pcalua.exe -a D:\MDVS\Setup\Setup.exe -d D:\MDVS\Setup
Task: {94E6DD1F-AEAF-4342-9A7E-64502D946081} - System32\Tasks\GoogleUpdateTaskMachineUA1d132872b3abd06 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9FB21CDB-DAEB-42A8-95CD-AF1736E5217F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B420F967-557D-4220-8CDF-D3372CF0C96A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-01-06] (Adobe Systems Incorporated)
Task: {B66C100E-71AC-4DB5-A8A2-C19C11EFCC3F} - System32\Tasks\GoogleUpdateTaskMachineUA1cfff784c491cd1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEF99ECA-3DE9-4A9D-98D7-F7EC67FAFF0C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8efec4e662f5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {CEF586B9-CB2C-4AD8-9B91-E391247A3A0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {DF839088-43F5-46D0-97FB-1949184A9FC3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001Core1d23e706549db51.job => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2525883802-2620883698-3047885965-1001UA1d23e7065ae909a.job => C:\Users\Kapucky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8efec4ce9532.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8efec4e662f5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff784c491cd1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

Shortcut: C:\Users\Kapucky\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Webové servery ve službě MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2019-01-06 17:19 - 2019-01-06 17:19 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2019-01-06 17:19 - 2019-01-06 17:19 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-06 17:19 - 2019-01-06 17:19 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-06 17:19 - 2019-01-06 17:19 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-01-08 15:21 - 2019-01-08 15:21 - 006914192 _____ () C:\Program Files\AVAST Software\Avast\defs\19010802\algo64.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 000214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 000749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2019-01-06 17:19 - 2019-01-06 17:19 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-02-04 21:00 - 2018-12-11 18:46 - 001837672 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-12-16 19:21 - 2018-12-11 18:46 - 002413624 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-12-16 19:21 - 2018-12-11 18:46 - 000097840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-12-16 19:21 - 2018-12-11 18:46 - 000219696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-12-16 19:21 - 2018-12-11 18:46 - 000081768 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-12-14 04:00 - 2018-12-13 06:12 - 001140552 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-12-14 04:00 - 2018-12-13 06:12 - 002103112 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-05-15 02:15 - 2018-12-13 06:16 - 000023376 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000025456 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000148968 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 001878888 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000025960 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:12 - 000118232 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-05-15 02:15 - 2018-12-13 06:12 - 000109024 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000083784 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:12 - 000418776 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-12-14 04:00 - 2018-12-13 06:15 - 000074072 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000027616 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000049128 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000026600 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000131552 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000182752 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000027616 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000119272 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000401752 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000028640 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000034664 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000062304 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:12 - 000023520 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000053736 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000065504 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:14 - 000025944 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000068968 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000028520 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000027488 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000032224 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000156504 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000092496 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt562.sip.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 001778000 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000518992 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000052056 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 001929552 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 003821392 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000044888 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000132944 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000218456 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000205656 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000061408 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000051552 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000027624 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-08-02 13:45 - 2018-12-13 06:16 - 000033632 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000028008 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000025960 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000025448 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000025960 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000031600 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:12 - 000486880 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000029040 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 011727696 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\nucleus_python.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000029024 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:12 - 000036312 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\librsync.dll
2018-05-15 02:15 - 2018-12-13 06:16 - 000025960 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000433992 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-05-15 02:15 - 2018-12-13 06:16 - 000035680 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000025920 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-12-14 04:00 - 2018-12-13 06:15 - 001592128 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-09-11 22:17 - 2018-12-13 06:16 - 000029544 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000102736 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd
2018-10-25 19:43 - 2018-12-13 06:16 - 000025448 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-05-15 02:15 - 2018-12-13 06:16 - 000029544 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000530768 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000348496 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-12-14 04:00 - 2018-12-13 06:15 - 000037200 _____ () C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2018-02-04 21:00 - 2018-12-11 18:46 - 002915328 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-02-04 21:00 - 2018-12-11 18:46 - 000015360 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-12-16 19:21 - 2018-12-11 18:46 - 000405056 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-12-16 19:21 - 2018-12-11 18:46 - 000138816 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-12-16 19:21 - 2018-12-11 18:47 - 003239984 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\Processing.NDI.Lib.x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2019-01-04 08:46 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kapucky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.1.103.65 - 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2E1FA47-F50C-4ABC-A535-4B7381667040}] => (Allow) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{187E555F-5530-4B8B-A2B8-0A075E1E2975}] => (Allow) C:\Users\Kapucky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
FirewallRules: [{DC901452-A5BB-4169-8A54-969F3819FC72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{DD45A6E7-E89A-4366-A7E5-DBF334FFB764}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [TCP Query User{4974BDCE-E7E1-4056-B452-F75BC641BC03}C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc.)
FirewallRules: [UDP Query User{6C13A6CD-0297-470D-9615-3FCCDE8B225E}C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kapucky\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc.)
FirewallRules: [{2A5F8BDD-999B-4577-BD14-284DC831FD7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{B9C35F5E-352C-4A6A-A465-9DD6B143A16E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{2DA3FE81-5CED-41BA-9BDF-AAD444139318}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [{97C90EE2-C152-406E-92F7-CD835AA8D173}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.)
FirewallRules: [TCP Query User{8392FB0C-6568-4128-9906-B64BFD8B1213}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe ()
FirewallRules: [UDP Query User{1AE69F48-14DA-4CA3-8E26-A60130C70AF5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe ()
FirewallRules: [{E4C588A8-ED05-4E57-A3C6-6B1CBBB9417B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{985A8218-906F-4BA3-B69E-638661158904}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
FirewallRules: [{50A2ECC0-3925-4F22-A323-769D1C57CFDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{DAD4C143-6401-4EFF-A133-F1CF0C5165CB}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
FirewallRules: [{03FC888E-64D7-4814-AE09-64195C65D78D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{7FB7183D-A3FE-4C7F-9E85-D54E9C9FB617}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
FirewallRules: [{028A0FF3-16EB-4627-8BEB-D0EF3CE99AA0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{55B43BEB-56C1-47F7-8BBD-7FAF62B760BF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

17-12-2018 00:13:05 Naplánovaný kontrolní bod
29-12-2018 16:48:38 Naplánovaný kontrolní bod
06-01-2019 19:55:07 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2019 09:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 08:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 07:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 06:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 05:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 04:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 03:56:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (01/08/2019 02:56:52 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.


System errors:
=============
Error: (01/08/2019 06:50:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/08/2019 06:35:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/08/2019 06:32:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/08/2019 06:29:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/08/2019 06:29:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/08/2019 02:16:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (01/07/2019 07:19:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Disc Soft Lite Bus Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (01/07/2019 07:19:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Disc Soft Lite Bus Service bylo dosaženo časového limitu (30000 ms).


Windows Defender:
===================================
Date: 2016-08-26 13:21:09.927
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x8050800d
Popis chyby:Některé položky historie nelze zobrazit. Počkejte několik minut a akci opakujte. Pokud tento postup nefunguje, vymažte historii a opakujte pokus.
Verze podpisu:1.227.706.0
Verze modulu:1.1.13000.0

Date: 2016-03-05 09:41:55.330
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2016-03-05 09:41:55.306
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci.
Nová verze podpisu:1.187.1007.0
Předchozí verze podpisu:
Zdroj aktualizace:Složka aktualizace podpisů
Typ podpisu:Antispywarový program
Typ aktualizace:Úplné
Uživatel:NT AUTHORITY\SYSTEM
Aktuální verze modulu:1.1.10401.0
Předchozí verze modulu:
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2016-03-05 09:41:55.306
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.10401.0
Předchozí verze modulu:
Zdroj aktualizace:Složka aktualizace podpisů
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x80070666
Popis chyby:Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2015-11-11 19:03:50.700
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2015-11-11 18:44:27.345
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:27.127
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.940
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.799
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:44:26.409
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:29:21.214
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-11-11 18:29:20.996
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A10-6800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 7374.98 MB
Available physical RAM: 4708.07 MB
Total Virtual: 14748.15 MB
Available Virtual: 11948.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.32 GB) (Free:788.31 GB) NTFS
Drive f: (Bebuscha&Kaaposch) (Fixed) (Total:931.48 GB) (Free:267.96 GB) NTFS
Drive g: (KAAPOSCH1TB) (Fixed) (Total:931.28 GB) (Free:894.91 GB) FAT32

\\?\Volume{29c9d0b5-7a05-11e3-a8cc-806e6f6e6963}\ () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D3829413)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FC622B53)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: B0FE7CAB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
  File: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
  Folder: C:\Windows\Minidump
  Zip: C:\Windows\Minidump
  
  HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} - G:\SETUP.EXE
  HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {7841e297-c564-11e3-bd3e-d43d7ee1c9d5} - F:\SETUP.EXE /AUTORUN
  HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} - E:\AutoRun.exe
  HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
  Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
  Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
  FF Homepage: Mozilla\Firefox\Profiles\2zizny6g.default -> hxxp://www.seznam.cz/
  FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
  FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
  FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
  FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
  CHR HomePage: Default -> hxxp://www.seznam.cz/
  CHR StartupUrls: Default -> "hxxp://www.google.com/"
  CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
  CHR DefaultSearchKeyword: Default -> seznam.cz
  CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
  CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
  CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
  CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
  Task: {0007A619-1F16-41CB-AD42-0C58D66FFE5C} - System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe -d C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}
  Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
  Task: {935ACA67-01B2-4012-B358-CB71EDF16088} - System32\Tasks\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65} => C:\Windows\system32\pcalua.exe -a D:\MDVS\Setup\Setup.exe -d D:\MDVS\Setup
  Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
  Task: {CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
  Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
  Task: {DF839088-43F5-46D0-97FB-1949184A9FC3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
  Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Na ploche by sa mal vytvorit ZIP archiv s aktualnym datumom a casom v nazve, nahraj ho napr. na leteckaposta.cz a posli odkaz na stiahnutie.

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by Kapucky (09-01-2019 23:22:06) Run:1
Running from C:\Users\Kapucky\Desktop
Loaded Profiles: Kapucky (Available Profiles: Kapucky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
Folder: C:\Windows\Minidump
Zip: C:\Windows\Minidump

HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} - G:\SETUP.EXE
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {7841e297-c564-11e3-bd3e-d43d7ee1c9d5} - F:\SETUP.EXE /AUTORUN
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\...\MountPoints2: {b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} - E:\AutoRun.exe
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Homepage: Mozilla\Firefox\Profiles\2zizny6g.default -> hxxp://www.seznam.cz/
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
Task: {0007A619-1F16-41CB-AD42-0C58D66FFE5C} - System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe -d C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {935ACA67-01B2-4012-B358-CB71EDF16088} - System32\Tasks\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65} => C:\Windows\system32\pcalua.exe -a D:\MDVS\Setup\Setup.exe -d D:\MDVS\Setup
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DF839088-43F5-46D0-97FB-1949184A9FC3} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 20
Average :
Sum : 12279822
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========================= File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe ========================

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
File not signed
MD5: 8FBBCD143A1E31B19C254D65BD3D0ABB
Creation and modification date: 2013-08-30 19:46 - 2013-08-30 19:46
Size: 000344064
Attributes: ----A
Company Name: Advanced Micro Devices, Inc.
Internal Name: Fuel
Original Name: Fuel.Service.exe
Product: AMD Fuel Service
Description: AMD Fuel Service
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright: Copyright © 2009-2010 Advanced Micro Devices, Inc. All Rights Reserved
VirusTotal: https://www.virustotal.com/file/2fceb84 ... 538847885/

====== End of File: ======


========================= File: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt ========================

C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
File is digitally signed
MD5: D41D8CD98F00B204E9800998ECF8427E (0-byte)
Creation and modification date: 2014-01-10 17:09 - 2014-01-10 17:09
Size: 000000000
Attributes: ----D
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0-byte

====== End of File: ======


========================= Folder: C:\Windows\Minidump ========================

2019-01-06 22:16 - 2019-01-06 22:16 - 000441304 ____A [89266DA7C3F377D75CD783340AD955C8] () C:\Windows\Minidump\010619-16458-01.dmp

====== End of Folder: ======

================== Zip: ===================
C:\Windows\Minidump -> copied successfully to C:\Users\Kapucky\Desktop\09.01.2019_23.22.43.zip
=========== Zip: End ===========
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} => removed successfully
HKLM\Software\Classes\CLSID\{57fb4b9a-a4b3-11e5-96db-d43d7ee1c9d5} => not found
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7841e297-c564-11e3-bd3e-d43d7ee1c9d5} => removed successfully
HKLM\Software\Classes\CLSID\{7841e297-c564-11e3-bd3e-d43d7ee1c9d5} => not found
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} => removed successfully
HKLM\Software\Classes\CLSID\{b3a4b2d4-16bb-11e7-979f-d43d7ee1c9d5} => not found
HKU\S-1-5-21-2525883802-2620883698-3047885965-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17}" => removed successfully
HKLM\Software\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
"Firefox homepage" => removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0007A619-1F16-41CB-AD42-0C58D66FFE5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0007A619-1F16-41CB-AD42-0C58D66FFE5C}" => removed successfully
C:\Windows\System32\Tasks\{314F236F-9D61-4724-8055-306F5A6BF3B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{314F236F-9D61-4724-8055-306F5A6BF3B8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{935ACA67-01B2-4012-B358-CB71EDF16088}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{935ACA67-01B2-4012-B358-CB71EDF16088}" => removed successfully
C:\Windows\System32\Tasks\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D7E2AFC-AA12-4B6D-AA44-3D66D3282E65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6BE03C-7ADE-44DB-A5D8-6F0EFFE5BDFE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF839088-43F5-46D0-97FB-1949184A9FC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF839088-43F5-46D0-97FB-1949184A9FC3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156992021 B
Java, Flash, Steam htmlcache => 1289 B
Windows/system/drivers => 472931247 B
Edge => 0 B
Chrome => 67121732 B
Firefox => 189671682 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 71068 B
LocalService => 0 B
NetworkService => 610266 B
Kapucky => 10919140338 B

RecycleBin => 0 B
EmptyTemp: => 11 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:24:27 ====


http://leteckaposta.cz/718520484

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall
  File: C:\Windows\SysWOW64\ssins.exe
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Pockaj na dokoncenie
• Tentokrat to bude bez restartu, otvori sa Fixlog.txt (pripadne bude na ploche), jeho obsah sem skopiruj

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by Kapucky (10-01-2019 23:15:26) Run:2
Running from C:\Users\Kapucky\Desktop
Loaded Profiles: Kapucky (Available Profiles: Kapucky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall
File: C:\Windows\SysWOW64\ssins.exe
End
*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall]
"DisplayName"="Seznam Instalátor"
"DisplayIcon"="C:\Windows\SysWOW64\ssins.exe"
"UninstallString"="C:\Windows\system32\ssinstall-uninstall.bat"
"publisher"="Seznam.cz"

=== End of ExportKey ===

========================= File: C:\Windows\SysWOW64\ssins.exe ========================

C:\Windows\SysWOW64\ssins.exe
File is digitally signed
MD5: 46A6DF36E85082A9AAA3E8A3DFAE44D3
Creation and modification date: 2015-11-12 14:06 - 2016-11-23 12:59
Size: 004696960
Attributes: ----A
Company Name: PS Media s.r.o.
Internal Name: Seznam instalator
Original Name: sinstalator.exe
Product: Seznam.cz instalátor - služba
Description: Seznam.cz Instalátor
File Version: 3.4.0.0
Product Version: 3.4.0.0
Copyright: Radek Szurman
VirusTotal: https://www.virustotal.com/file/4103e0a ... 524761580/

====== End of File: ======


==== End of Fixlog 23:15:27 ====

Este poprosim spustit tento fixlist:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.01.2019 01
Ran by Kapucky (11-01-2019 13:19:44) Run:3
Running from C:\Users\Kapucky\Desktop
Loaded Profiles: Kapucky (Available Profiles: Kapucky)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: type "C:\Windows\system32\ssinstall-uninstall.bat"
End
*****************


========= type "C:\Windows\system32\ssinstall-uninstall.bat" =========

Syst‚m nem…§e nal‚zt uvedeně soubor.

========= End of CMD: =========


==== End of Fixlog 13:19:44 ====

OK. Co sa tyka tych BSOD, je tam len 1 minidump, z ktoreho vyplyva, ze BSOD bola sposobena padom AMD ovladaca. Ak je pre danu graficku kartu dostupna novsia verzia AMD ovladacov, odporucam aktualizovat.

Takisto odporucam doinstalovat vsetky dolezite aktualizacie cez Windows Update.

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"

• Na ploche sa vytvori subor sfcdetails.txt, zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC a napis ako sa chova PC

ovladače aktualizovány
windows update nespolupracuje - poslední aktualizace je z listopadu 2017 a nové to nechce najít, že prý je služba vypnuta a že je třeba restart (ten nepomáhá) - přitom jsou zaplé automatické aktualizace
pomocník windows pro řešení potíží s w. update taky nepomohl
do obnovení systému se mi nechce, protože tam jsou 2 body z 11.1.2019 a další je bitová kopie (záloha) z 2015 (zřejmě předtím, než jsem instaloval w10 a pak je vracel z5 na w7)
dál jsem se tedy nedostal

A ako to vyzera s tou kontrolou integrity? Ta ide spustit?

šlo to, ale nic nenašlo...

k aktualizacím jsem na netu našel toto, tak to zkusím:
"stačilo udělat tohle: Ovládací panely - Systém a zabezpečení - Windows Update - Změnit nastavení - a tam (stačí jen pro tu chvíli) zatrhnout: Nikdy nevyhledávat aktualizace. Pak už jsem spustil aktualizaci ručně a šlo to.."

už se aktualizuje...