Moc prosím o preventívní kontrolu po dlouhé době.

Zpráva

Tenda · #1 Příspěvek od **Tenda** » 30 dub 2019 14:36

Zdravím, moc prosím o preventívní kontrolu po dlouhé době, ntb je pomalejší a myslím, že za tu dobu bude dost šmejdů.
Hlavně celkem dlouho po spuštění ntb se vytěžuje HDD na 99% .

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (30-04-2019 15:19:36)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\RunOnce: [Uninstall 19.067.0404.0004\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\RunOnce: [Uninstall 19.067.0404.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004"
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\Installer\chrmstp.exe [2019-04-30] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {9CCE8484-C075-48C8-A93F-D7E0F97E2718} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-03-19]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-04-30]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
R4 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-04-08] (IBM -> IBM Corp.)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath
R4 RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [X]
R4 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 15:19 - 2019-04-30 15:21 - 000025348 _____ C:\Users\Jara\Desktop\FRST.txt
2019-04-30 15:18 - 2019-04-30 15:19 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-04-30 15:15 - 002429952 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 11:08 - 2014-03-12 15:40 - 000070224 ____N (CANON INC.) C:\WINDOWS\SysWOW64\IJRMF.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 15:11 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:32 - 2016-02-23 14:49 - 000000000 ____D C:\Program Files\Microsoft Office
2019-04-30 11:08 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 11:08 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 11:01 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-04-30 10:54 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-30 10:54 - 2018-02-08 00:11 - 002889262 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 10:54 - 2017-09-30 16:31 - 001309506 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 10:54 - 2017-09-30 16:31 - 000316654 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 10:54 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 10:48 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-30 10:48 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-04-30 10:47 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:46 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 10:43 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 10:43 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-30 10:43 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Jara (30-04-2019 15:21:38)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{0819CF5C-C53A-474A-9462-C95853243364}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (04/30/2019 03:12:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:22:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (04/30/2019 11:12:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 11:07:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby sedsvc bylo dosaženo časového limitu (30000 ms).

Windows Defender:
===================================
Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 8062.7 MB
Available physical RAM: 4735.6 MB
Total Virtual: 9342.7 MB
Available Virtual: 5954.36 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.58 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

#2 Příspěvek od **Conder** » 30 dub 2019 20:59

Ahoj

System nebol aktualizovany od 08/2018, odporucam doinstalovat aktualizacie cez Windows Update.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
Nechaj zaskrtnute vsetky nalezy
Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah sem skopiruj

Tenda · #3 Příspěvek od **Tenda** » 30 dub 2019 21:39

Ahoj, aktualizace jsem právě provedl, ale zoblo si to asi jen 2 a dále pokud dám vyhledat nové, tak hlásí
Zařízení je aktuální. Poslední kontrola proběhla: dnes v 22:32

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-30-2019
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 10
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Jara\AppData\Local\Seznam.cz

***** [ Files ] *****

Deleted C:\Windows\rsrcs.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2066 octets] - [30/04/2019 22:30:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **Conder** » 30 dub 2019 23:10

Uvidime pokial sa to aktualizovalo. Poprosim o obidva nove logy z FRST.

Tenda · #5 Příspěvek od **Tenda** » 01 kvě 2019 15:42

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (01-05-2019 16:32:59)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.541_none_16e8222032163850\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-01] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3B46A185-4072-48F2-9940-5B9F88540FB9} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe [258568 2019-03-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-04-30]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-05-01]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2019-05-01 16:34 - 000023772 _____ C:\Users\Jara\Desktop\FRST.txt
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2019-04-30 22:30 - 2019-04-30 22:30 - 000000066 _____ C:\Users\Jara\Desktop\j.txt
2019-04-30 22:28 - 2019-04-30 22:31 - 000000000 ____D C:\AdwCleaner
2019-04-30 16:49 - 2019-05-01 16:30 - 000000000 ___RD C:\Users\Jara\Desktop\Nová složka
2019-04-30 15:18 - 2019-05-01 16:32 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-05-01 16:32 - 002430464 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-01 16:26 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-01 16:26 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-05-01 08:57 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-01 08:57 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 22:36 - 2018-02-08 00:11 - 002921912 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 22:36 - 2017-09-30 16:31 - 001325776 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 22:36 - 2017-09-30 16:31 - 000321510 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 22:33 - 2018-02-07 23:48 - 000406576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-30 22:32 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 22:31 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 22:25 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 22:25 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 22:23 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 17:04 - 2018-08-21 07:22 - 000000000 ____D C:\ProgramData\Packages
2019-04-30 16:26 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 16:23 - 2016-09-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2019-04-30 15:26 - 2016-11-20 10:30 - 000000000 ____D C:\Users\Jara\AppData\LocalLow\Mozilla
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (01-05-2019 16:34:57)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-02-24 10:07 - 2014-01-17 17:51 - 000588288 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-02-24 10:07 - 2013-11-07 20:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{A6F6C7C9-37EB-4DF9-B101-AD8BB3BE42BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2019 04:26:27 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/01/2019 08:54:42 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:42:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:57:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Windows Defender:
===================================
Date: 2019-04-30 17:18:05.056
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/6c192d6907c7b2 ... chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: Unknown
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:24.861
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:12.254
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:17:55.235
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8062.7 MB
Available physical RAM: 5702.42 MB
Total Virtual: 9342.7 MB
Available Virtual: 7010.87 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.61 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

Tenda · #6 Příspěvek od **Tenda** » 01 kvě 2019 15:42

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (01-05-2019 16:32:59)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.541_none_16e8222032163850\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-01] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3B46A185-4072-48F2-9940-5B9F88540FB9} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe [258568 2019-03-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-04-30]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-05-01]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2019-05-01 16:34 - 000023772 _____ C:\Users\Jara\Desktop\FRST.txt
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2019-04-30 22:30 - 2019-04-30 22:30 - 000000066 _____ C:\Users\Jara\Desktop\j.txt
2019-04-30 22:28 - 2019-04-30 22:31 - 000000000 ____D C:\AdwCleaner
2019-04-30 16:49 - 2019-05-01 16:30 - 000000000 ___RD C:\Users\Jara\Desktop\Nová složka
2019-04-30 15:18 - 2019-05-01 16:32 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-05-01 16:32 - 002430464 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-01 16:26 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-01 16:26 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-05-01 08:57 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-01 08:57 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 22:36 - 2018-02-08 00:11 - 002921912 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 22:36 - 2017-09-30 16:31 - 001325776 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 22:36 - 2017-09-30 16:31 - 000321510 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 22:33 - 2018-02-07 23:48 - 000406576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-30 22:32 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 22:31 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 22:25 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 22:25 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 22:23 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 17:04 - 2018-08-21 07:22 - 000000000 ____D C:\ProgramData\Packages
2019-04-30 16:26 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 16:23 - 2016-09-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2019-04-30 15:26 - 2016-11-20 10:30 - 000000000 ____D C:\Users\Jara\AppData\LocalLow\Mozilla
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (01-05-2019 16:34:57)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-02-24 10:07 - 2014-01-17 17:51 - 000588288 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-02-24 10:07 - 2013-11-07 20:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{A6F6C7C9-37EB-4DF9-B101-AD8BB3BE42BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2019 04:26:27 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/01/2019 08:54:42 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:42:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:57:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Windows Defender:
===================================
Date: 2019-04-30 17:18:05.056
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/6c192d6907c7b2 ... chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: Unknown
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:24.861
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:12.254
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:17:55.235
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8062.7 MB
Available physical RAM: 5702.42 MB
Total Virtual: 9342.7 MB
Available Virtual: 7010.87 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.61 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

#7 Příspěvek od **Conder** » 02 kvě 2019 15:44

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\Jara\Seznam.cz.exe
CMD: type "C:\Users\Jara\start.cmd"
CMD: type "C:\Users\Jara\AppData\Local\config.ini"
ExportKey: HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd 
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
U3 avgbdisk; no ImagePath
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Tenda · #8 Příspěvek od **Tenda** » 02 kvě 2019 17:24

tady je fix....

co to bylo smetí časem? Snad nee nic zásadního

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (02-05-2019 18:10:15) Run:1
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\Jara\Seznam.cz.exe
CMD: type "C:\Users\Jara\start.cmd"
CMD: type "C:\Users\Jara\AppData\Local\config.ini"
ExportKey: HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
U3 avgbdisk; no ImagePath
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Count : 27
Average :
Sum : 81027097
Maximum :
Minimum :
Property : Length

========= End of Powershell: =========

========================= File: C:\Users\Jara\Seznam.cz.exe ========================

C:\Users\Jara\Seznam.cz.exe
File is digitally signed
MD5: BD77A11E5D6C7C94E134739026C7F6E6
Creation and modification date: 2016-03-13 13:16 - 2016-03-13 13:16
Size: 043828520
Attributes: ----A
Company Name: Seznam.cz, a.s. ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

========= type "C:\Users\Jara\start.cmd" =========

.\FormFillerPortable\FormFillerPortable.exe

========= End of CMD: =========

========= type "C:\Users\Jara\AppData\Local\config.ini" =========

[SimEdit]
PhonebookPath=C:\Users\Jara\AppData\Local\Phonebook.txt
SmsPath=C:\Users\Jara\AppData\Local\SMS.txt
EnableCardDetect=0
DefaultDriverSupport=1
LogCategory=0
AutoSelectPhonebook=1
WindowMaxmized=0
WindowPosTop=137
WindowPosLeft=154
WindowPosBottom=884
WindowPosRight=1594

========= End of CMD: =========

================== ExportKey: ===================

[HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser]
"EstimatedSize"="124102"
"DisplayName"="Seznam prohlížeč"
"DisplayIcon"="C:\Users\Jara\AppData\Roaming\Seznam Browser\Seznam.cz.exe,0"
"UninstallString"=""C:\Users\Jara\AppData\Roaming\Seznam Browser\uninstall.exe""
"QuietUninstallString"=""C:\Users\Jara\AppData\Roaming\Seznam Browser\uninstall.exe" /S""
"Publisher"="Seznam.cz a.s."
"NoModify"="1"
"NoRepair"="1"
"DisplayVersion"="4.4.10"
"HelpLink"="https://napoveda.seznam.cz/cz/aplikace/ ... mcz-pro-pc"
"URLInfoAbout"="https://www.seznam.cz/prohlizec"
"URLUpdateInfo"="https://www.seznam.cz/prohlizec/historie-zmen"

=== End of ExportKey ===
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{46994559-7642-488F-8044-5CA53436ED15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46994559-7642-488F-8044-5CA53436ED15}" => removed successfully
C:\WINDOWS\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{47692884-3771-4F24-8736-06E54567EA07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47692884-3771-4F24-8736-06E54567EA07}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86CC8FE8-73F4-46D7-872C-11771F1B4B0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86CC8FE8-73F4-46D7-872C-11771F1B4B0F}" => removed successfully
C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F180FA-E783-4F47-A241-DC1A4FD8C3AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F180FA-E783-4F47-A241-DC1A4FD8C3AF}" => removed successfully
C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9790162E-CE7F-40DC-B1F4-FFBF874D6D2D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9790162E-CE7F-40DC-B1F4-FFBF874D6D2D}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5}" => removed successfully
C:\WINDOWS\System32\Tasks\KMS_VL_ALL => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS_VL_ALL" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4BDCB1E-40E2-4704-8B15-6941169A07F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4BDCB1E-40E2-4704-8B15-6941169A07F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"Firefox homepage" => removed successfully
"Firefox HomepageOverride (_qlMembers_@free.cryptopricesearch.com) " => removed successfully
"Firefox NewTabOverride (_qlMembers_@free.cryptopricesearch.com) " => removed successfully
"Firefox NewTabOverride (_j5Members_@ext.ask.com) " => removed successfully
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
C:\Users\Jara\Desktop\FRST-OlderVersion => moved successfully
C:\Users\Jara\avast_internet_security_setup_online.exe => moved successfully
C:\Users\Jara\avg_antivirus_free_setup.exe => moved successfully
C:\Users\Jara\RapportSetup.exe => moved successfully
C:\Users\Jara\Seznam.cz.exe => moved successfully
C:\Users\Jara\TeamViewerQS.exe => moved successfully
C:\Users\Jara\AppData\Local\simedit.log => moved successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BingSvc" => removed successfully
"HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63744955 B
Java, Flash, Steam htmlcache => 19383 B
Windows/system/drivers => 8031072 B
Edge => 1019276 B
Chrome => 422114204 B
Firefox => 1091312231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19639814 B
NetworkService => 279499106 B
Jara => 46079797 B

RecycleBin => 43860965 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:16:53 ====

#9 Příspěvek od **Conder** » 03 kvě 2019 17:56

V podstate ano, vyzera to ciste, len este tie aktualizacie skusime opravit, kedze sa to stale neaktualizovalo.

Poznas C:\Users\Jara\start.cmd? Prehliadac Seznam Browser mas nainstalovany umyselne?

Spusti kontrolu integrity systemovych suborov:

Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca

Skopiruj a spusti prikaz:

Kód: Vybrat vše

DISM.exe /Online /Cleanup-image /Restorehealth

Po dokonceni skopiruj a spusti druhy prikaz:
Kód: Vybrat vše
```
sfc /scannow
```

Po dokonceni obidvoch prikazov skopiruj a spusti tento prikaz:

Kód: Vybrat vše

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt

Na ploche sa vytvoria subory sfcdetails.txt a dism.txt, tieto subory zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
Restartuj PC a napis ako sa chova PC

Tenda · #10 Příspěvek od **Tenda** » 03 kvě 2019 23:32

C:\Users\Jara\start.cmd? Prehliadac Seznam Browser .......na nic nepotřebuji , můžeme odstranit

ntb se chová celkem v pohodě hdd po restartu spadne na 0% i když by to mohli trvat méně, ale to bude asi hardwarem, stačí spustit google prohlížeč a hned začně šrotit na 99% , ale po kratším čase si zase lehne, tak asi ok........asi by to chtělo SSD HDD

#11 Příspěvek od **Conder** » 04 kvě 2019 21:36

Seznam Browser by sa mal dat normalne odinstalovat cez Start -> Nastavenia -> Aplikacie (pripadne Win+R -> appwiz.cpl -> enter).

V PC su zbytky po Avast a AVG antivirusoch, ktore boli zrejme odinstalovane. Precisti PC cez odinstalatory (nechaj PC restartovat do nudzoveho rezimu):
Avast - https://www.avast.com/uninstall-utility
AVG - https://www.avg.com/sk-sk/avg-remover

Skus znovu vyhladat aktualizacie, ak to nejake najde a nechaj ich nainstalovat a restartovat PC. Napis ako to dopadlo.

Nasledne posli nove logy z FRST.

Tenda · #12 Příspěvek od **Tenda** » 05 kvě 2019 23:52

Tak myslím, že aktualizace funkcí na windows 10 verze 1803 to nainstalovalo i to celkem trvalo.
Dále jsem odinstaloval ten seznam prohlížeč a smazal C:\Users\Jara\start.cmd
Vyčistil v nouzáku AVG,AVAST zbytky
Ještě otravuje hláška sada pro místní prostředí v češtině se nedaří nainstalovat, zkusíme to za chvíli znova,.... atak dokola.....
ntb zdá se chodí.... ok

#13 Příspěvek od **Conder** » 06 kvě 2019 21:36

Ta hlaska sa kde ukazuje? Vies poslat screenshot?

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc.                                        ) C:\Users\Jara\software602_form_filler_portable.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Tenda · #14 Příspěvek od **Tenda** » 06 kvě 2019 23:20

Ta hláška už je ok, nějak se doinstalovala, bylo to tohle i když nevím na co to je pořádně. Pořád to otravovalo a najednou se to samo doinstalovalo

. snad to není na škodu

https://www.microsoft.com/cs-cz/p/sada- ... verviewtab

Celkově ntb se chová OK

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019
Ran by Jara (06-05-2019 23:16:20) Run:2
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"Firefox NewTabOverride (_j5Members_@ext.ask.com) " => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\Users\Jara\software602_form_filler.exe => moved successfully
C:\Users\Jara\software602_form_filler_portable.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18979968 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2203269 B
Edge => 1956581 B
Chrome => 40977831 B
Firefox => 17505443 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 8278 B
NetworkService => 0 B
Jara => 3514377 B

RecycleBin => 0 B
EmptyTemp: => 87 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:17:49 ====

#15 Příspěvek od **Conder** » 08 kvě 2019 03:38

Super, logy vyzeraju tiez ok. Ak uz teda nie su ziadne problemy, tak este upraceme po pouzitych nastrojoch:

Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
Uloz na plochu a spusti
Nechaj oznacenu moznost "Remove disinfection tools"
Klikni na "Run"

VIRY.CZ

Moc prosím o preventívní kontrolu po dlouhé době.

Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.