VIRY.CZ

Zdravím, moc prosím o preventívní kontrolu po dlouhé době, ntb je pomalejší a myslím, že za tu dobu bude dost šmejdů.
Hlavně celkem dlouho po spuštění ntb se vytěžuje HDD na 99% .

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (30-04-2019 15:19:36)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\RunOnce: [Uninstall 19.067.0404.0004\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\RunOnce: [Uninstall 19.067.0404.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004"
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\Installer\chrmstp.exe [2019-04-30] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {9CCE8484-C075-48C8-A93F-D7E0F97E2718} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-03-19]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-04-30]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
R4 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-04-08] (IBM -> IBM Corp.)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath
R4 RapportAegle64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [X]
R4 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 15:19 - 2019-04-30 15:21 - 000025348 _____ C:\Users\Jara\Desktop\FRST.txt
2019-04-30 15:18 - 2019-04-30 15:19 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-04-30 15:15 - 002429952 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 11:08 - 2014-03-12 15:40 - 000070224 ____N (CANON INC.) C:\WINDOWS\SysWOW64\IJRMF.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-30 15:11 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:32 - 2016-02-23 14:49 - 000000000 ____D C:\Program Files\Microsoft Office
2019-04-30 11:08 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 11:08 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 11:01 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-04-30 10:54 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-30 10:54 - 2018-02-08 00:11 - 002889262 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 10:54 - 2017-09-30 16:31 - 001309506 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 10:54 - 2017-09-30 16:31 - 000316654 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 10:54 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 10:48 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-30 10:48 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-04-30 10:47 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:46 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 10:43 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 10:43 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-30 10:43 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Jara (30-04-2019 15:21:38)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{0819CF5C-C53A-474A-9462-C95853243364}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswStm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (04/30/2019 03:12:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 12:22:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (04/30/2019 11:12:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/30/2019 11:07:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby sedsvc bylo dosaženo časového limitu (30000 ms).

Windows Defender:
===================================
Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 8062.7 MB
Available physical RAM: 4735.6 MB
Total Virtual: 9342.7 MB
Available Virtual: 5954.36 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.58 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

Ahoj

System nebol aktualizovany od 08/2018, odporucam doinstalovat aktualizacie cez Windows Update.

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

Uloz na plochu a ukonci vsetky programy
Spusti AdwCleaner ako spravca
Odsuhlas licencne podmienky
Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
Nechaj zaskrtnute vsetky nalezy
Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
Otvori sa log, jeho obsah sem skopiruj

Ahoj, aktualizace jsem právě provedl, ale zoblo si to asi jen 2 a dále pokud dám vyhledat nové, tak hlásí
Zařízení je aktuální. Poslední kontrola proběhla: dnes v 22:32

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-30-2019
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 10
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Jara\AppData\Local\Seznam.cz

***** [ Files ] *****

Deleted C:\Windows\rsrcs.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2066 octets] - [30/04/2019 22:30:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uvidime pokial sa to aktualizovalo. Poprosim o obidva nove logy z FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (01-05-2019 16:32:59)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.541_none_16e8222032163850\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-01] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3B46A185-4072-48F2-9940-5B9F88540FB9} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe [258568 2019-03-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-04-30]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-05-01]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2019-05-01 16:34 - 000023772 _____ C:\Users\Jara\Desktop\FRST.txt
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2019-04-30 22:30 - 2019-04-30 22:30 - 000000066 _____ C:\Users\Jara\Desktop\j.txt
2019-04-30 22:28 - 2019-04-30 22:31 - 000000000 ____D C:\AdwCleaner
2019-04-30 16:49 - 2019-05-01 16:30 - 000000000 ___RD C:\Users\Jara\Desktop\Nová složka
2019-04-30 15:18 - 2019-05-01 16:32 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-05-01 16:32 - 002430464 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-01 16:26 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-01 16:26 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-05-01 08:57 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-01 08:57 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 22:36 - 2018-02-08 00:11 - 002921912 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 22:36 - 2017-09-30 16:31 - 001325776 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 22:36 - 2017-09-30 16:31 - 000321510 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 22:33 - 2018-02-07 23:48 - 000406576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-30 22:32 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 22:31 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 22:25 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 22:25 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 22:23 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 17:04 - 2018-08-21 07:22 - 000000000 ____D C:\ProgramData\Packages
2019-04-30 16:26 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 16:23 - 2016-09-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2019-04-30 15:26 - 2016-11-20 10:30 - 000000000 ____D C:\Users\Jara\AppData\LocalLow\Mozilla
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (01-05-2019 16:34:57)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-02-24 10:07 - 2014-01-17 17:51 - 000588288 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-02-24 10:07 - 2013-11-07 20:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{A6F6C7C9-37EB-4DF9-B101-AD8BB3BE42BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2019 04:26:27 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/01/2019 08:54:42 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:42:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:57:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Windows Defender:
===================================
Date: 2019-04-30 17:18:05.056
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/6c192d6907c7b2 ... chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: Unknown
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:24.861
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:12.254
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:17:55.235
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8062.7 MB
Available physical RAM: 5702.42 MB
Total Virtual: 9342.7 MB
Available Virtual: 7010.87 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.61 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05.2019
Ran by Jara (administrator) on DESKTOP-R8SE3GV (ASUSTeK COMPUTER INC. X751LJ) (01-05-2019 16:32:59)
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Platform: Windows 10 Home Version 1709 16299.611 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.541_none_16e8222032163850\TiWorker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Software602 a.s. -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [BingSvc] => C:\Users\Jara\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-01] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2052328 2018-07-24] (TomTom International BV -> TomTom)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-01] (Google LLC -> Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F3E5DC-C6A5-4FF6-8E12-8E781F2B3F91} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {107EA2E4-E368-4F15-AB85-5E6510271302} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-09] (Adobe Inc. -> Adobe)
Task: {25EBA759-DA85-4813-9C37-440FEA3D1C80} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3B46A185-4072-48F2-9940-5B9F88540FB9} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe [258568 2019-03-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4691E769-7F6C-468D-8A92-CEC785F7C7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5D005512-CCB4-4843-BF53-654C10D99BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-21] (Google Inc -> Google Inc.)
Task: {69594331-51A6-477E-9D74-94F5618F3766} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {80B17154-DCAE-4738-AD98-54AC7BD5FE48} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-09] (Adobe Inc. -> Adobe)
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {86D7EE4F-62E2-42E2-81BD-3FC037E63EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {AF7E7051-3CE0-41A5-B41C-4932AF0F5638} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {BEBFE4E3-7C8F-4FA9-9304-8B078D0C7909} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {CDEFE595-2270-490A-8C0B-8AD04F47297F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16165632 2015-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {D110610B-0905-41D0-B682-9265A6CB5D3E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [141011376 2016-11-09] (Microsoft Windows -> Microsoft Corporation)
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0e7e6f-408e-4def-9ea2-26116764a284}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6e2fa8ae-9eff-47be-9d0f-089e19944db2}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [137.116.81.24,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.30.202,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.185.70,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [77.67.29.176,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.39.10,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.29.238,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.93,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.92,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [134.170.165.253,255.255.255.255,0.0.0.0,1]
HKLM\System\...\Parameters\PersistentRoutes: [65.55.252.71,255.255.255.255,0.0.0.0,1]
PersistentRoutes: There are 65 PersistentRoutes.

Internet Explorer:
==================
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... earchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)

FireFox:
========
FF DefaultProfile: 61qldhz4.default-1508666986359
FF ProfilePath: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 [2019-04-30]
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> about:newtab
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
FF Extension: (Avast Online Security) - C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\Extensions\wrc@avast.com.xpi [2018-07-19]
FF SearchPlugin: C:\Users\Jara\AppData\Roaming\Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359\searchplugins\seznam-avast.xml [2018-06-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default [2019-05-01]
CHR Extension: (Prezentace) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Dokumenty) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Disk Google) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-05]
CHR Extension: (Tabulky) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-16]
CHR Extension: (Gmail) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-04] (Intel(R) Software -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-09-29] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [601624 2015-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-04] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel(R) Software -> Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBCCID; C:\Windows\SysWOW64\DRIVERS\RtsUCcid.sys [50176 2009-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2016-11-29] (Nemea Mjukvaruutveckling AB -> Basil)
U3 avgbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2019-05-01 16:34 - 000023772 _____ C:\Users\Jara\Desktop\FRST.txt
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2019-04-30 22:30 - 2019-04-30 22:30 - 000000066 _____ C:\Users\Jara\Desktop\j.txt
2019-04-30 22:28 - 2019-04-30 22:31 - 000000000 ____D C:\AdwCleaner
2019-04-30 16:49 - 2019-05-01 16:30 - 000000000 ___RD C:\Users\Jara\Desktop\Nová složka
2019-04-30 15:18 - 2019-05-01 16:32 - 000000000 ____D C:\FRST
2019-04-30 15:15 - 2019-05-01 16:32 - 002430464 _____ (Farbar) C:\Users\Jara\Desktop\FRST64.exe
2019-04-30 10:37 - 2019-02-13 08:33 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-04-14 09:13 - 2019-04-14 09:13 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-01 16:32 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-01 16:30 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-01 16:26 - 2016-10-06 14:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-01 16:26 - 2016-02-23 10:19 - 000000000 __SHD C:\Users\Jara\IntelGraphicsProfiles
2019-05-01 08:57 - 2018-10-16 18:22 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-01 08:57 - 2017-03-21 10:25 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-30 22:36 - 2018-02-08 00:11 - 002921912 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-30 22:36 - 2017-09-30 16:31 - 001325776 _____ C:\WINDOWS\system32\perfh005.dat
2019-04-30 22:36 - 2017-09-30 16:31 - 000321510 _____ C:\WINDOWS\system32\perfc005.dat
2019-04-30 22:33 - 2018-02-07 23:48 - 000406576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-30 22:32 - 2018-02-08 00:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-30 22:31 - 2017-09-29 10:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-04-30 22:25 - 2019-03-15 19:20 - 000000000 ____D C:\Program Files\CUAssistant
2019-04-30 22:25 - 2017-09-30 13:19 - 000000000 ____D C:\Program Files\rempl
2019-04-30 22:23 - 2018-02-07 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-30 17:04 - 2018-08-21 07:22 - 000000000 ____D C:\ProgramData\Packages
2019-04-30 16:26 - 2018-02-07 23:54 - 000000000 ____D C:\Users\Jara\AppData\Local\Packages
2019-04-30 16:23 - 2016-09-28 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2019-04-30 15:26 - 2016-11-20 10:30 - 000000000 ____D C:\Users\Jara\AppData\LocalLow\Mozilla
2019-04-30 11:42 - 2016-02-24 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-04-30 11:36 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2019-04-30 11:35 - 2018-02-08 00:29 - 000000000 ___RD C:\Users\Jara\OneDrive
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-30 11:32 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-30 11:08 - 2016-02-24 10:02 - 000000000 ____D C:\Program Files (x86)\Canon
2019-04-30 10:47 - 2016-02-23 17:06 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-30 10:41 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-30 10:37 - 2016-11-29 18:38 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-04-14 09:14 - 2016-03-15 14:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 15:03 - 2018-03-14 11:48 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 15:03 - 2018-02-08 00:20 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-04-10 15:03 - 2018-02-08 00:20 - 000003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-10 15:03 - 2018-02-08 00:20 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-04-10 15:03 - 2018-02-08 00:20 - 000003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-10 15:03 - 2018-02-08 00:20 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-04-10 15:03 - 2018-02-08 00:20 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-04-10 15:03 - 2018-02-08 00:20 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2019-04-10 15:03 - 2018-02-08 00:20 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002270 _____ C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}
2019-04-10 15:03 - 2018-02-08 00:20 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-04-10 15:03 - 2018-02-08 00:20 - 000002198 _____ C:\WINDOWS\System32\Tasks\KMS_VL_ALL
2019-04-10 15:03 - 2018-02-08 00:20 - 000002176 _____ C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}
2019-04-10 15:03 - 2018-02-08 00:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-09 16:52 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-02 01:42 - 2018-04-12 10:32 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-02 01:42 - 2018-04-12 10:32 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
2017-06-29 16:25 - 2011-06-13 10:42 - 000000049 _____ () C:\Users\Jara\start.cmd
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:58 - 2018-10-12 14:01 - 000000294 _____ () C:\Users\Jara\AppData\Local\config.ini
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-04-30 11:49
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (01-05-2019 16:34:57)
Running from C:\Users\Jara\Desktop
Windows 10 Home Version 1709 16299.611 (X64) (2018-02-07 22:22:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3330780853-3320950359-2519976978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3330780853-3320950359-2519976978-503 - Limited - Disabled)
Guest (S-1-5-21-3330780853-3320950359-2519976978-501 - Limited - Disabled)
Jara (S-1-5-21-3330780853-3320950359-2519976978-1001 - Administrator - Enabled) => C:\Users\Jara
WDAGUtilityAccount (S-1-5-21-3330780853-3320950359-2519976978-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.57.1049 - Webteh, d.o.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
eObčanka (HKLM\...\{368DA93C-9B3A-4140-9D20-569C4948D99A}) (Version: 3.1.0.18314 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.2 (x64 cs)) (Version: 65.0.2 - Mozilla)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30103 - Realtek Semiconductor Corp.)
Seznam prohlížeč (HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\Seznam Browser) (Version: 4.4.10 - Seznam.cz a.s.)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
TomTom MyDrive Connect 4.2.2.3561 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.2.3561 - TomTom)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-12-18 16:05 - 2015-07-14 13:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll
2015-07-29 21:36 - 2015-07-29 21:36 - 000323152 _____ (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2015-05-19 10:11 - 2015-05-19 10:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-02-24 10:07 - 2014-01-17 17:51 - 000588288 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2016-02-24 10:07 - 2013-11-07 20:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2019-01-09 15:22 - 000004967 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com

There are 93 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Control Panel\Desktop\\Wallpaper -> G:\DCIM\100NIKON\DSCN0981.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45D52FC9-11ED-404D-AA12-98D33D0EA3F5}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{101C64C9-CAC8-44AC-841C-86CB1043E945}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{9BDEB4DA-C1F7-4507-BE52-D1FB7C51BCB8}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe (TomTom International BV -> TomTom)
FirewallRules: [UDP Query User{D7428E16-0403-40EF-8F42-6942B28BA08B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{29729BA3-2FB6-44FC-8CC6-07A0128958D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{3C8A7324-AB91-4438-80EE-FA087D60D36D}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9CFFF001-18D5-4A28-B564-2E22411704F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0B75F049-F169-48BE-AD83-8707EB45733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{356CA582-6CBA-4D99-8A09-14ECECF9B817}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64C773EB-2376-48FB-8BD0-C4ABBB439521}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{646FD863-EC87-45C2-AA58-FE3C87E1B4B1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{4B903569-C33C-443B-9B7D-FF946DE78ED1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{490F45C7-DA06-462C-9F9D-31FB88F72F83}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{EBD201EB-4BCC-4A9F-A85C-E19402A9123C}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe No File
FirewallRules: [{A6F6C7C9-37EB-4DF9-B101-AD8BB3BE42BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

30-04-2019 12:42:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2019 04:26:27 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (05/01/2019 08:54:42 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:42:01 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 03:11:49 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

DPTF Build Version: 8.1.10602.174
DPTF Build Date: Jul 23 2015 11:24:10
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/30/2019 11:06:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (04/30/2019 10:48:35 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\DESKTOP-R8SE3GV$ přes https://INTC-KeyId-145126d0fdb53e99907d ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(4016ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (04/30/2019 10:40:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

System errors:
=============
Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 04:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:57:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/01/2019 08:55:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-R8SE3GV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli DESKTOP-R8SE3GV\Jara (SID: S-1-5-21-3330780853-3320950359-2519976978-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Windows Defender:
===================================
Date: 2019-04-30 17:18:05.056
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Detplock
ID: 2147680291
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe;webfile:_C:\Users\Jara\Desktop\CrystalDiskInfo8_0_0.exe|https://ftp.stahuj.cz/dl/6c192d6907c7b2 ... chrome.exe
Původ zjišťování: Internet
Typ zjišťování: FastPath
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: Unknown
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:24.861
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:18:12.254
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 16:17:55.235
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
ID: 2147685180
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Program Files\Microsoft Office\KMS_VL_ALL_6.8.2\64-bit\SppExtComObjPatcher.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-R8SE3GV\Jara
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Verze podpisu: AV: 1.293.510.0, AS: 1.293.510.0, NIS: 119.0.0.0
Verze modulu: AM: 1.1.15900.4, NIS: 2.1.14600.4

Date: 2019-04-30 10:50:09.123
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.121
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 116.1.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 2.1.13804.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.066
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.065
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-04-30 10:50:09.063
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.233.884.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13303.0
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X751LJ.704 08/10/2015
Motherboard: ASUSTeK COMPUTER INC. X751LJ
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8062.7 MB
Available physical RAM: 5702.42 MB
Total Virtual: 9342.7 MB
Available Virtual: 7010.87 MB

==================== Drives ================================

Drive c: (WIN 10 Home) (Fixed) (Total:371.5 GB) (Free:300.61 GB) NTFS
Drive d: (Disco ) (Fixed) (Total:558.91 GB) (Free:515.56 GB) NTFS

\\?\Volume{d3b41536-0f9d-4742-a7a3-ce4821d484f2}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{4f68855c-3527-4e09-985d-462cc0b14762}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81052E31)

Partition: GPT.

==================== End of Addition.txt ============================

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\Jara\Seznam.cz.exe
CMD: type "C:\Users\Jara\start.cmd"
CMD: type "C:\Users\Jara\AppData\Local\config.ini"
ExportKey: HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd 
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
U3 avgbdisk; no ImagePath
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

tady je fix....

co to bylo smetí časem? Snad nee nic zásadního

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05.2019
Ran by Jara (02-05-2019 18:10:15) Run:1
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\Jara\Seznam.cz.exe
CMD: type "C:\Users\Jara\start.cmd"
CMD: type "C:\Users\Jara\AppData\Local\config.ini"
ExportKey: HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Task: {46994559-7642-488F-8044-5CA53436ED15} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-08] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {47692884-3771-4F24-8736-06E54567EA07} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {86CC8FE8-73F4-46D7-872C-11771F1B4B0F} - System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Jara\AppData\Local\BrowserAir\Application\unins000.exe
Task: {96F180FA-E783-4F47-A241-DC1A4FD8C3AF} - System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => C:\WINDOWS\system32\pcalua.exe -a G:\17.exe -d G:\
Task: {9790162E-CE7F-40DC-B1F4-FFBF874D6D2D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5} - System32\Tasks\KMS_VL_ALL => C:\Users\Jara\Desktop\KMS_VL_ALL_6.8.2\KMS_VL_ALL.cmd
Task: {E4BDCB1E-40E2-4704-8B15-6941169A07F3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
FF Homepage: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> hxxps://www.seznam.cz/?clid=22668
FF HomepageOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _qlMembers_@free.cryptopricesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
U3 avgbdisk; no ImagePath
2019-05-01 16:32 - 2019-05-01 16:32 - 000000000 ____D C:\Users\Jara\Desktop\FRST-OlderVersion
2017-09-25 15:09 - 2017-09-25 15:09 - 007142416 _____ (AVAST Software) C:\Users\Jara\avast_internet_security_setup_online.exe
2018-06-05 20:15 - 2018-06-05 20:15 - 007391672 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jara\avg_antivirus_free_setup.exe
2018-12-02 10:59 - 2018-12-02 10:59 - 000488952 _____ (IBM Corp.) C:\Users\Jara\RapportSetup.exe
2016-03-13 13:16 - 2016-03-13 13:16 - 043828520 _____ () C:\Users\Jara\Seznam.cz.exe
2017-06-15 13:57 - 2017-06-15 13:57 - 012024848 _____ (TeamViewer) C:\Users\Jara\TeamViewerQS.exe
2018-10-12 13:57 - 2018-10-12 14:01 - 000000000 _____ () C:\Users\Jara\AppData\Local\simedit.log
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jara\AppData\Local\Microsoft\OneDrive\19.067.0404.0004\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\...\StartupApproved\Run: => "BingSvc"

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========

Count : 27
Average :
Sum : 81027097
Maximum :
Minimum :
Property : Length

========= End of Powershell: =========

========================= File: C:\Users\Jara\Seznam.cz.exe ========================

C:\Users\Jara\Seznam.cz.exe
File is digitally signed
MD5: BD77A11E5D6C7C94E134739026C7F6E6
Creation and modification date: 2016-03-13 13:16 - 2016-03-13 13:16
Size: 043828520
Attributes: ----A
Company Name: Seznam.cz, a.s. ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======

========= type "C:\Users\Jara\start.cmd" =========

.\FormFillerPortable\FormFillerPortable.exe

========= End of CMD: =========

========= type "C:\Users\Jara\AppData\Local\config.ini" =========

[SimEdit]
PhonebookPath=C:\Users\Jara\AppData\Local\Phonebook.txt
SmsPath=C:\Users\Jara\AppData\Local\SMS.txt
EnableCardDetect=0
DefaultDriverSupport=1
LogCategory=0
AutoSelectPhonebook=1
WindowMaxmized=0
WindowPosTop=137
WindowPosLeft=154
WindowPosBottom=884
WindowPosRight=1594

========= End of CMD: =========

================== ExportKey: ===================

[HKEY_USERS\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Seznam Browser]
"EstimatedSize"="124102"
"DisplayName"="Seznam prohlížeč"
"DisplayIcon"="C:\Users\Jara\AppData\Roaming\Seznam Browser\Seznam.cz.exe,0"
"UninstallString"=""C:\Users\Jara\AppData\Roaming\Seznam Browser\uninstall.exe""
"QuietUninstallString"=""C:\Users\Jara\AppData\Roaming\Seznam Browser\uninstall.exe" /S""
"Publisher"="Seznam.cz a.s."
"NoModify"="1"
"NoRepair"="1"
"DisplayVersion"="4.4.10"
"HelpLink"="https://napoveda.seznam.cz/cz/aplikace/ ... mcz-pro-pc"
"URLInfoAbout"="https://www.seznam.cz/prohlizec"
"URLUpdateInfo"="https://www.seznam.cz/prohlizec/historie-zmen"

=== End of ExportKey ===
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{46994559-7642-488F-8044-5CA53436ED15}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46994559-7642-488F-8044-5CA53436ED15}" => removed successfully
C:\WINDOWS\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{47692884-3771-4F24-8736-06E54567EA07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47692884-3771-4F24-8736-06E54567EA07}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86CC8FE8-73F4-46D7-872C-11771F1B4B0F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86CC8FE8-73F4-46D7-872C-11771F1B4B0F}" => removed successfully
C:\WINDOWS\System32\Tasks\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87BFD2ED-8BF2-48B6-988C-E31E2ABEF8C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96F180FA-E783-4F47-A241-DC1A4FD8C3AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96F180FA-E783-4F47-A241-DC1A4FD8C3AF}" => removed successfully
C:\WINDOWS\System32\Tasks\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9A5B6951-D0A3-496E-983B-EB77D4B9CCBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9790162E-CE7F-40DC-B1F4-FFBF874D6D2D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9790162E-CE7F-40DC-B1F4-FFBF874D6D2D}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0CEDFC4-1B45-4923-A47F-4001C8C2D5F5}" => removed successfully
C:\WINDOWS\System32\Tasks\KMS_VL_ALL => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS_VL_ALL" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4BDCB1E-40E2-4704-8B15-6941169A07F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4BDCB1E-40E2-4704-8B15-6941169A07F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"Firefox homepage" => removed successfully
"Firefox HomepageOverride (_qlMembers_@free.cryptopricesearch.com) " => removed successfully
"Firefox NewTabOverride (_qlMembers_@free.cryptopricesearch.com) " => removed successfully
"Firefox NewTabOverride (_j5Members_@ext.ask.com) " => removed successfully
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
C:\Users\Jara\Desktop\FRST-OlderVersion => moved successfully
C:\Users\Jara\avast_internet_security_setup_online.exe => moved successfully
C:\Users\Jara\avg_antivirus_free_setup.exe => moved successfully
C:\Users\Jara\RapportSetup.exe => moved successfully
C:\Users\Jara\Seznam.cz.exe => moved successfully
C:\Users\Jara\TeamViewerQS.exe => moved successfully
C:\Users\Jara\AppData\Local\simedit.log => moved successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3330780853-3320950359-2519976978-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BingSvc" => removed successfully
"HKU\S-1-5-21-3330780853-3320950359-2519976978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63744955 B
Java, Flash, Steam htmlcache => 19383 B
Windows/system/drivers => 8031072 B
Edge => 1019276 B
Chrome => 422114204 B
Firefox => 1091312231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19639814 B
NetworkService => 279499106 B
Jara => 46079797 B

RecycleBin => 43860965 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:16:53 ====

V podstate ano, vyzera to ciste, len este tie aktualizacie skusime opravit, kedze sa to stale neaktualizovalo.

Poznas C:\Users\Jara\start.cmd? Prehliadac Seznam Browser mas nainstalovany umyselne?

Spusti kontrolu integrity systemovych suborov:

Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca

Skopiruj a spusti prikaz:

Kód: Vybrat vše

DISM.exe /Online /Cleanup-image /Restorehealth

Po dokonceni skopiruj a spusti druhy prikaz:
Kód: Vybrat vše
```
sfc /scannow
```

Po dokonceni obidvoch prikazov skopiruj a spusti tento prikaz:

Kód: Vybrat vše

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt

Na ploche sa vytvoria subory sfcdetails.txt a dism.txt, tieto subory zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
Restartuj PC a napis ako sa chova PC

C:\Users\Jara\start.cmd? Prehliadac Seznam Browser .......na nic nepotřebuji , můžeme odstranit

ntb se chová celkem v pohodě hdd po restartu spadne na 0% i když by to mohli trvat méně, ale to bude asi hardwarem, stačí spustit google prohlížeč a hned začně šrotit na 99% , ale po kratším čase si zase lehne, tak asi ok........asi by to chtělo SSD HDD

Seznam Browser by sa mal dat normalne odinstalovat cez Start -> Nastavenia -> Aplikacie (pripadne Win+R -> appwiz.cpl -> enter).

V PC su zbytky po Avast a AVG antivirusoch, ktore boli zrejme odinstalovane. Precisti PC cez odinstalatory (nechaj PC restartovat do nudzoveho rezimu):
Avast - https://www.avast.com/uninstall-utility
AVG - https://www.avg.com/sk-sk/avg-remover

Skus znovu vyhladat aktualizacie, ak to nejake najde a nechaj ich nainstalovat a restartovat PC. Napis ako to dopadlo.

Nasledne posli nove logy z FRST.

Tak myslím, že aktualizace funkcí na windows 10 verze 1803 to nainstalovalo i to celkem trvalo.
Dále jsem odinstaloval ten seznam prohlížeč a smazal C:\Users\Jara\start.cmd
Vyčistil v nouzáku AVG,AVAST zbytky
Ještě otravuje hláška sada pro místní prostředí v češtině se nedaří nainstalovat, zkusíme to za chvíli znova,.... atak dokola.....
ntb zdá se chodí.... ok

Ta hlaska sa kde ukazuje? Vies poslat screenshot?

Otvor poznamkovy blok (Win+R -> notepad -> enter)

Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc.                                        ) C:\Users\Jara\software602_form_filler_portable.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

Hosts:
EmptyTemp:
End

Uloz na plochu s nazvom fixlist.txt
Spusti znovu FRST a klikni na Fix
Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Ta hláška už je ok, nějak se doinstalovala, bylo to tohle i když nevím na co to je pořádně. Pořád to otravovalo a najednou se to samo doinstalovalo

. snad to není na škodu

https://www.microsoft.com/cs-cz/p/sada- ... verviewtab

Celkově ntb se chová OK

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019
Ran by Jara (06-05-2019 23:16:20) Run:2
Running from C:\Users\Jara\Desktop
Loaded Profiles: Jara (Available Profiles: Jara)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

FF NewTabOverride: Mozilla\Firefox\Profiles\61qldhz4.default-1508666986359 -> Enabled: _j5Members_@ext.ask.com
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2017-12-18 16:00 - 2017-12-18 16:00 - 085821536 _____ () C:\Users\Jara\software602_form_filler.exe
2017-06-29 16:23 - 2017-06-29 16:23 - 093663848 _____ (Acresso Software Inc. ) C:\Users\Jara\software602_form_filler_portable.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"Firefox NewTabOverride (_j5Members_@ext.ask.com) " => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\Users\Jara\software602_form_filler.exe => moved successfully
C:\Users\Jara\software602_form_filler_portable.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18979968 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2203269 B
Edge => 1956581 B
Chrome => 40977831 B
Firefox => 17505443 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 8278 B
NetworkService => 0 B
Jara => 3514377 B

RecycleBin => 0 B
EmptyTemp: => 87 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 23:17:49 ====

Super, logy vyzeraju tiez ok. Ak uz teda nie su ziadne problemy, tak este upraceme po pouzitych nastrojoch:

Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
Uloz na plochu a spusti
Nechaj oznacenu moznost "Remove disinfection tools"
Klikni na "Run"

VIRY.CZ

Moc prosím o preventívní kontrolu po dlouhé době.

Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.

Re: Moc prosím o preventívní kontrolu po dlouhé době.