PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log. Trojan?

Do you have a virus problem? Post your FRST or RSIT log here.


#1 Post by Bramby »

Hello. Please check the log. By mistake I managed to click on an email attachment ......pdf.iso

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Brambor (administrator) on BRAMBOR-PC (GBT___ AWRDACPI) (04-09-2019 13:13:39)
Running from C:\Users\Brambor\Desktop
Loaded Profiles: Brambor (Available Profiles: Brambor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PCSVC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Run: [Google Update] => C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-07-08] (Google Inc -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Select a coupon.lnk [2019-07-08]
ShortcutTarget: Select a coupon.lnk -> C:\Program Files\epson\TMCommandEmulator\PopupWindow.exe (Seiko Epson Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TM-T70II Utility(Automatic Restore).lnk [2019-07-08]
ShortcutTarget: TM-T70II Utility(Automatic Restore).lnk -> C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMRESTOREAPP.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {530D3412-118D-4BCB-A901-D1EB554567E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
Task: {61899872-AA61-4F25-9881-B46556497194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7FBA8EA4-F420-42CA-A016-1CF19604EB4E}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1919342834-516617278-753571488-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin HKU\S-1-5-21-1919342834-516617278-753571488-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-08] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1919342834-516617278-753571488-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-08] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://www.cyklosportsr.cz/"
CHR NewTab: Default -> Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default [2019-09-04]
CHR Extension: (Prezentace) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-08]
CHR Extension: (Learn English - Beelingo.com) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeefohgoiafgjjpihnoeofgijggpbmmf [2019-07-08]
CHR Extension: (Duolingo on the Web) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2019-07-08]
CHR Extension: (Dokumenty) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-08]
CHR Extension: (Disk Google) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-08]
CHR Extension: (Earth View from Google Earth) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2019-07-08]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-09-04]
CHR Extension: (YouTube) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-08]
CHR Extension: (Vocabla - budovat svou slovní zásobu) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk [2019-07-08]
CHR Extension: (AVG Secure Search) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2019-07-08]
CHR Extension: (uBlock Origin) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-24]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2019-08-02]
CHR Extension: (Plná Peněženka Lištička) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2019-07-09]
CHR Extension: (Tabulky) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-08]
CHR Extension: (Tlačítko Uložit) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-09-04]
CHR Extension: (SearchPreview) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2019-07-08]
CHR Extension: (Webcam Toy) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2019-07-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-08]
CHR Extension: (Prohlížeč dokumentů ve formátu PDF/PowerPoint (od společnosti Google)) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2019-07-08]
CHR Extension: (Learn English) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeblbgokjljbcoipfmbphbmcdbbnfjc [2019-07-08]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-09-04]
CHR Extension: (Gmail) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-08]
CHR Extension: (Chrome Media Router) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-04]
StartMenuInternet: Google Chrome.LQOUDH7BTQRSAFFJJZSKLMUYKU - C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [408064 2017-12-08] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [582144 2017-12-08] (SEIKO EPSON CORPORATION) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2017-12-08] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [867328 2009-06-10] (Microsoft Windows -> Ralink Technology Corp.)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [67408 2017-10-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 13:13 - 2019-09-04 13:15 - 000012297 _____ C:\Users\Brambor\Desktop\FRST.txt
2019-09-04 13:13 - 2019-09-04 13:13 - 000000000 ____D C:\FRST
2019-09-04 13:03 - 2019-09-04 13:03 - 000000000 ____D C:\viry
2019-09-04 12:54 - 2019-09-04 12:57 - 001615360 _____ (Farbar) C:\Users\Brambor\Desktop\FRST64.exe
2019-08-26 13:53 - 2019-08-26 13:58 - 000000000 ____D C:\Tetování
2019-08-14 10:43 - 2019-08-14 10:43 - 000072291 _____ C:\Users\Brambor\Desktop\FH-RM66-3251.pdf
2019-08-14 10:42 - 2019-08-14 10:42 - 002902375 _____ C:\Users\Brambor\Desktop\FH-RM33-3650A.pdf
2019-08-14 10:41 - 2019-08-14 10:41 - 000252062 _____ C:\Users\Brambor\Desktop\FH-RM33-3650.pdf
2019-08-14 10:40 - 2019-08-14 10:40 - 000472494 _____ C:\Users\Brambor\Desktop\FH-MC30-1370.pdf
2019-08-05 15:00 - 2019-08-05 15:00 - 000000000 ____D C:\Users\Brambor\AppData\Roaming\LibreOffice
2019-08-05 14:54 - 2019-08-05 14:54 - 000001418 _____ C:\Users\Public\Desktop\LibreOffice 6.2.lnk
2019-08-05 14:54 - 2019-08-05 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.2
2019-08-05 14:52 - 2019-08-05 14:53 - 000000000 ____D C:\Program Files\LibreOffice
2019-08-05 14:41 - 2019-08-05 14:41 - 000000000 ____D C:\2020

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 11:56 - 2009-07-14 06:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-04 11:56 - 2009-07-14 06:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-04 11:33 - 2019-07-08 12:45 - 000000000 ____D C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-04 11:33 - 2019-07-08 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-04 10:29 - 2019-05-22 10:49 - 000000000 ____D C:\Motorky
2019-09-04 09:54 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-28 10:13 - 2019-07-08 11:37 - 000002413 _____ C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-28 10:13 - 2019-07-08 11:37 - 000002376 _____ C:\Users\Brambor\Desktop\Google Chrome.lnk
2019-08-13 10:11 - 2019-07-08 14:53 - 000000000 ____D C:\Users\Brambor\AppData\Local\ElevatedDiagnostics
2019-08-08 16:29 - 2019-07-08 11:16 - 000095936 _____ C:\Users\Brambor\AppData\Local\GDIPFONTCACHEV1.DAT
2019-08-06 12:59 - 2009-07-14 06:45 - 000428168 _____ C:\Windows\system32\FNTCACHE.DAT

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2019-07-08 12:46] - [2019-07-08 12:46] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356


LastRegBack: 2019-08-21 11:05
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Brambor (04-09-2019 13:15:43)
Running from C:\Users\Brambor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2019-07-08 09:09:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1919342834-516617278-753571488-500 - Administrator - Disabled)
Brambor (S-1-5-21-1919342834-516617278-753571488-1000 - Administrator - Enabled) => C:\Users\Brambor
Guest (S-1-5-21-1919342834-516617278-753571488-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1919342834-516617278-753571488-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

EPSON Advanced Printer Driver for TM-T70II Ver.5 (HKLM-x32\...\EPSON Advanced Printer Driver 5 For TM-T70II) (Version: 5.10.1.0 - Seiko Epson Corporation)
EPSON APD5 Plugin for TM-T70II (HKLM\...\{92613647-44A6-4619-98DF-7D2737D7B401}) (Version: 5.10.0.0 - Seiko Epson Corporation)
EPSON APD5 PrinterReg for TM-T70II (HKLM\...\{92C9EE1F-F04E-4748-9E97-963752606C1F}) (Version: 5.10.0.0 - Seiko Epson Corporation)
EPSON Port Communication Service (HKLM\...\{8B933A2E-4C01-4681-821D-F055F455F6C0}) (Version: 3.20.0 - SEIKO EPSON CORPORATION)
EPSON TM Bluetooth Connector (HKLM-x32\...\{78758F5A-1778-49F0-B4CE-B83B789B2D90}) (Version: 2.03.0000 - Seiko Epson Corporation)
EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 3.50.0000 - Seiko Epson Corporation)
EPSON TM-T70II Utility (HKLM-x32\...\{F10F979D-6000-41FC-9CBC-5375E0DDE0FC}) (Version: 1.3.1.0 - Seiko Epson Corporation)
Google Chrome (HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
LibreOffice 6.2.5.2 (HKLM\...\{207F3229-8AA5-4544-BDB7-7995538A5ED5}) (Version: 6.2.5.2 - The Document Foundation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.7.2 - Mozilla)
Mozilla Thunderbird 60.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 cs)) (Version: 60.8.0 - Mozilla)
STORMWARE POHODA CZ Jazz (HKLM-x32\...\{55989711-DB0C-4EA1-A5EA-FF9D78647CBD}) (Version: 12200.239 - STORMWARE)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1919342834-516617278-753571488-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1919342834-516617278-753571488-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2010-11-21 05:24 - 2010-11-21 05:24 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2019-07-08 12:46 - 2019-07-08 12:46 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2019-07-08 14:52 - 2018-07-26 11:27 - 000420864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Advanced Printer Tool\PrintManagementTool\EAPPrtMgr.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000158720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\BluetoothIO.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000101376 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\DeviceControlLogLibrary.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000237568 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000226304 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetIO31.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000175104 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\ParallelIO31.dll
2017-12-08 10:55 - 2017-12-08 10:55 - 000209408 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\PCSIF.DLL
2017-12-08 10:54 - 2017-12-08 10:54 - 000343552 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\PortConfig.DLL
2017-12-08 10:55 - 2017-12-08 10:55 - 000133632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
2017-12-08 10:56 - 2017-12-08 10:56 - 000158720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\SerialIO31.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000206848 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\USBIO31.dll
2019-07-08 14:52 - 2018-10-01 05:32 - 000599040 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\System32\EA5LMTMT70II.DLL
2019-07-08 14:51 - 2018-06-07 11:26 - 000245248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\EAPPHPM.dll
2019-07-08 14:52 - 2018-10-01 05:32 - 001227776 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EA5UIPTMT70II.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-07-08 12:46 - 000000921 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1919342834-516617278-753571488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C90F6984-70E4-48C9-AADE-4E74545725CD}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5EE4B39C-52FD-4E17-B84B-820C8A60FE55}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3A926019-6B2B-4B77-9894-38C2C42C76EA}] => (Allow) C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMT70IIUTL.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{CB648779-8D00-48DB-AB98-06311FD2D1B6}] => (Allow) C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMT70IIUTL.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A49B10F3-CA5D-4C80-9CD2-98F5375F5518}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 5\NetworkSettingTool\APDNetSetting.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{DD0845DA-432A-4E20-BF59-41BB2D1226A9}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 5\NetworkSettingTool\APDNetSetting.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [TCP Query User{3ABFC6FB-85DB-49F9-AECE-B10857286336}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{6333DFDA-FD9B-454E-99DA-CEFD39749F8B}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2019 10:03:45 Naplánovaný kontrolní bod
18-07-2019 10:04:16 Windows Update
25-07-2019 12:22:50 Naplánovaný kontrolní bod
02-08-2019 10:57:50 Windows Update
05-08-2019 14:50:30 Installed LibreOffice 6.2.5.2
13-08-2019 10:11:42 Naplánovaný kontrolní bod
21-08-2019 11:12:07 Naplánovaný kontrolní bod
29-08-2019 12:34:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2019 09:55:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2019 09:54:06 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (09/04/2019 09:54:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (09/03/2019 01:07:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2019 01:05:51 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (09/03/2019 01:05:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (09/02/2019 10:03:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2019 10:02:15 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.


System errors:
=============
Error: (09/02/2019 12:27:47 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error: (08/30/2019 01:09:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/30/2019 12:15:09 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.

Error: (08/30/2019 12:14:06 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (08/29/2019 03:39:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (08/29/2019 03:27:21 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (08/29/2019 03:27:21 PM) (Source: atapi) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Ide\IdePort0.

Error: (08/29/2019 12:41:59 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Firmware platformy při předchozím přechodu systémového napájení poškodil paměť. Zkontrolujte dostupnost aktualizovaného firmwaru pro váš systém.


Windows Defender:
===================================
Date: 2019-09-04 13:11:22.047
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C581C544-110D-42C1-AF07-DA22FB7218DF}
Scan Type:Antispyware
Scan Parameters:Quick Scan
User:Brambor-PC\Brambor

Date: 2019-09-04 13:11:07.836
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3CD7BFAA-4917-4149-8C65-E574FABBD9BC}
Scan Type:Antispyware
Scan Parameters:Full Scan
User:Brambor-PC\Brambor

Date: 2019-09-04 11:51:42.621
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{455E7277-4FAE-48FC-B8BB-4E1CCD6BBB02}
Scan Type:Antispyware
Scan Parameters:Quick Scan
User:Brambor-PC\Brambor

Date: 2019-07-18 10:05:17.055
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
User:NT AUTHORITY\SYSTEM
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-09-04 13:13:11.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:54:03.336
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:47:06.967
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:37:40.784
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:16:55.467
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 11:32:48.858
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 11:16:30.488
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 10:57:26.925
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Award Software International, Inc. GBT - 42302e31 08/29/2006
Motherboard: Gigabyte Technology Co., Ltd. 965GM-S2
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 92%
Total physical RAM: 3071.55 MB
Available physical RAM: 220.22 MB
Total Virtual: 6141.31 MB
Available Virtual: 1414.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:168.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 38F138F0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
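A triage pass over this kind of Addition.txt, as an added example written for this page (it is not a tool from the thread, from the forum or from FRST's author): the script takes an excerpt constructed from lines of the logs posted in this thread and surfaces what a reviewer reads first, namely hosts-file entries that send a name to loopback (the three here are, by their names, Microsoft validation/licensing hosts, and the same logs record repeated Windows license activation failures, event IDs 4103 and 8198, so the two belong together), permanent WMI event subscriptions with a command-line consumer (the BVTFilter/BVTConsumer pair running KernCap.vbs is commonly present on Windows 7 installs, which is why the script lists it rather than judging it), modules under C:\Windows that carry a Microsoft vendor string but are reported unsigned, and repeated Code Integrity failures for one image. The section names, the loopback address set and the regular expressions are my assumptions about FRST's output layout, derived only from the lines on this page; the script decides nothing about maliciousness.

```python
"""Triage helper for FRST Addition.txt logs (added example, not from FRST or this thread).
It lists the entries a reviewer should read first; it does not decide what is malicious."""
import re
from collections import Counter
from typing import Any, Dict, List

# Constructed sample: lines taken from the Addition.txt logs posted in this thread,
# trimmed to the sections the helper inspects.
SAMPLE_ADDITION = r"""
==================== Loaded Modules (Whitelisted) ==============
2010-11-21 05:24 - 2010-11-21 05:24 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2019-07-08 12:46 - 2019-07-08 12:46 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2019-07-08 14:52 - 2018-10-01 05:32 - 000599040 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\System32\EA5LMTMT70II.DLL

==================== Shortcuts & WMI ========================
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Hosts content: ==========================
2009-07-14 04:34 - 2019-07-08 12:46 - 000000921 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Event log errors: =========================
Date: 2019-09-04 13:13:11.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:54:03.336
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
"""

# Assumptions about FRST's layout, taken from the lines on this page.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
MODULE_RE = re.compile(r"\((?P<vendor>[^)]*)\) \[File not signed\] (?P<path>[A-Za-z]:\\.+)$")
CMD_RE = re.compile(r"\[CommandLineTemplate => (.+?)\]")
CI_RE = re.compile(r"Code Integrity is unable to verify the image integrity of the file (\S+)")
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}  # hosts entries that silently block a name


def triage(addition_txt: str) -> Dict[str, Any]:
    """Walk the log once, tracking the current section, and collect the findings."""
    section = ""
    hosts_blocked: List[str] = []
    wmi_entries: List[str] = []
    wmi_commands: List[str] = []
    unsigned_microsoft: List[str] = []
    code_integrity: Counter = Counter()

    for raw in addition_txt.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        ci = CI_RE.search(line)
        if ci:  # one counter per image, so repeated failures for the same file stand out
            code_integrity[ci.group(1).lower()] += 1
        elif section.startswith("Hosts content"):
            h = HOSTS_RE.match(line)
            if h and h.group(1) in BLACKHOLE_IPS:
                hosts_blocked.append(h.group(2).lower())
        elif section.startswith("Loaded Modules"):
            m = MODULE_RE.search(line)
            # Microsoft binaries under C:\Windows are normally catalog-signed; an unsigned
            # one deserves a hash comparison against a known-good copy of the same build.
            if m and "microsoft" in m.group("vendor").lower() and m.group("path").lower().startswith("c:\\windows\\"):
                unsigned_microsoft.append(m.group("path"))
        elif line.startswith("WMI:subscription"):  # permanent WMI event subscriptions
            wmi_entries.append(line)
            c = CMD_RE.search(line)
            if c:
                wmi_commands.append(c.group(1))

    return {"hosts_blocked": hosts_blocked, "wmi_subscriptions": wmi_entries,
            "wmi_commands": wmi_commands, "unsigned_microsoft": unsigned_microsoft,
            "code_integrity": dict(code_integrity)}


def report(findings: Dict[str, Any]) -> List[str]:
    """Turn findings into one review note per item, highest priority first."""
    notes = [f"hosts: {h} is black-holed; find out by what and why" for h in findings["hosts_blocked"]]
    notes += [f"wmi: permanent subscription runs '{c}'; confirm filter, consumer and binding are expected" for c in findings["wmi_commands"]]
    notes += [f"module: {p} has a Microsoft vendor string but is unsigned; verify its hash" for p in findings["unsigned_microsoft"]]
    notes += [f"codeintegrity: {n} verification failures for {img}" for img, n in findings["code_integrity"].items() if n > 1]
    return notes


if __name__ == "__main__":
    for note in report(triage(SAMPLE_ADDITION)):
        print(note)
```

Run it as `python3 frst_triage.py` to print the notes for the embedded sample; for a real log, pass the file contents to `triage()` instead of `SAMPLE_ADDITION`. The hosts check is deliberately broad: every loopback or null-route entry is listed, because what is being blocked is the question, not the address it points to.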

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log. Trojan?

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (otherwise find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not used for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus may damage the system!


Once your problem is solved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want it reopened, write to the e-mail address above.

Bramby
Visitor
Posts: 25
Registered: 04 Sep 2019 11:49

Re: Please check my log. Trojan?

#3 Post by Bramby »

I ran it and it only offered me the options Cancel or Quarantine.

JaRon
Moderator
Posts: 15665
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log. Trojan?

#4 Post by JaRon »

I'll step in: choose Quarantine and post the log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Bramby
Visitor
Posts: 25
Registered: 04 Sep 2019 11:49

Re: Please check my log. Trojan?

#5 Post by Bramby »

Hello. Here it is.
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-09-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-04-2019
# Duration: 00:00:04
# OS: Windows 7 Home Premium
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted AVG Web TuneUp
Deleted Alexa Traffic Rank
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

Deleted DAEMON Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1462 octets] - [04/09/2019 14:05:52]
AdwCleaner[S01].txt - [1523 octets] - [04/09/2019 14:07:47]
AdwCleaner[S02].txt - [1584 octets] - [04/09/2019 14:15:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Rudy
Site Admin
Posts: 119418
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log. Trojan?

#6 Post by Rudy »

OK. Post new FRST + Addition logs.

Bramby
Visitor
Posts: 25
Registered: 04 Sep 2019 11:49

Re: Please check my log. Trojan?

#7 Post by Bramby »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Brambor (04-09-2019 14:59:51)
Running from C:\Users\Brambor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2019-07-08 09:09:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1919342834-516617278-753571488-500 - Administrator - Disabled)
Brambor (S-1-5-21-1919342834-516617278-753571488-1000 - Administrator - Enabled) => C:\Users\Brambor
Guest (S-1-5-21-1919342834-516617278-753571488-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1919342834-516617278-753571488-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

EPSON Advanced Printer Driver for TM-T70II Ver.5 (HKLM-x32\...\EPSON Advanced Printer Driver 5 For TM-T70II) (Version: 5.10.1.0 - Seiko Epson Corporation)
EPSON APD5 Plugin for TM-T70II (HKLM\...\{92613647-44A6-4619-98DF-7D2737D7B401}) (Version: 5.10.0.0 - Seiko Epson Corporation)
EPSON APD5 PrinterReg for TM-T70II (HKLM\...\{92C9EE1F-F04E-4748-9E97-963752606C1F}) (Version: 5.10.0.0 - Seiko Epson Corporation)
EPSON Port Communication Service (HKLM\...\{8B933A2E-4C01-4681-821D-F055F455F6C0}) (Version: 3.20.0 - SEIKO EPSON CORPORATION)
EPSON TM Bluetooth Connector (HKLM-x32\...\{78758F5A-1778-49F0-B4CE-B83B789B2D90}) (Version: 2.03.0000 - Seiko Epson Corporation)
EPSON TM Coupon Package (HKLM-x32\...\{60ED98A7-BE97-4F26-B32E-5087337C6044}) (Version: 3.50.0000 - Seiko Epson Corporation)
EPSON TM-T70II Utility (HKLM-x32\...\{F10F979D-6000-41FC-9CBC-5375E0DDE0FC}) (Version: 1.3.1.0 - Seiko Epson Corporation)
Google Chrome (HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
LibreOffice 6.2.5.2 (HKLM\...\{207F3229-8AA5-4544-BDB7-7995538A5ED5}) (Version: 6.2.5.2 - The Document Foundation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.7.2 - Mozilla)
Mozilla Thunderbird 60.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 cs)) (Version: 60.8.0 - Mozilla)
STORMWARE POHODA CZ Jazz (HKLM-x32\...\{55989711-DB0C-4EA1-A5EA-FF9D78647CBD}) (Version: 12200.239 - STORMWARE)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1919342834-516617278-753571488-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1919342834-516617278-753571488-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll (Google Inc -> Google LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2010-11-21 05:24 - 2010-11-21 05:24 - 001008640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\USER32.dll
2019-07-08 12:46 - 2019-07-08 12:46 - 000833024 _____ (Microsoft Corporation) [File not signed] C:\Windows\syswow64\USER32.dll
2019-07-08 14:52 - 2018-07-26 11:27 - 000420864 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\Advanced Printer Tool\PrintManagementTool\EAPPrtMgr.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000158720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\BluetoothIO.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000101376 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\DeviceControlLogLibrary.dll
2017-12-08 10:54 - 2017-12-08 10:54 - 000237568 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetDHCPIO.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000226304 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\EthernetIO31.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000175104 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\ParallelIO31.dll
2017-12-08 10:55 - 2017-12-08 10:55 - 000209408 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\PCSIF.DLL
2017-12-08 10:54 - 2017-12-08 10:54 - 000343552 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\EPSON\PortCommunicationService\PortConfig.DLL
2017-12-08 10:55 - 2017-12-08 10:55 - 000133632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PortConnector31.DLL
2017-12-08 10:56 - 2017-12-08 10:56 - 000158720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\SerialIO31.dll
2017-12-08 10:56 - 2017-12-08 10:56 - 000206848 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\USBIO31.dll
2019-07-08 14:52 - 2018-10-01 05:32 - 000599040 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\System32\EA5LMTMT70II.DLL
2019-07-08 14:51 - 2018-06-07 11:26 - 000245248 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\EAPPHPM.dll
2019-07-08 14:52 - 2018-10-01 05:32 - 001227776 _____ (Seiko Epson Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\EA5UIPTMT70II.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2019-07-08 12:46 - 000000921 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1919342834-516617278-753571488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C90F6984-70E4-48C9-AADE-4E74545725CD}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5EE4B39C-52FD-4E17-B84B-820C8A60FE55}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3A926019-6B2B-4B77-9894-38C2C42C76EA}] => (Allow) C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMT70IIUTL.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{CB648779-8D00-48DB-AB98-06311FD2D1B6}] => (Allow) C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMT70IIUTL.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A49B10F3-CA5D-4C80-9CD2-98F5375F5518}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 5\NetworkSettingTool\APDNetSetting.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{DD0845DA-432A-4E20-BF59-41BB2D1226A9}] => (Allow) C:\Program Files (x86)\EPSON\EPSON Advanced Printer Driver 5\NetworkSettingTool\APDNetSetting.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [TCP Query User{3ABFC6FB-85DB-49F9-AECE-B10857286336}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{6333DFDA-FD9B-454E-99DA-CEFD39749F8B}C:\users\brambor\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\brambor\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-07-2019 10:03:45 Scheduled Checkpoint
18-07-2019 10:04:16 Windows Update
25-07-2019 12:22:50 Scheduled Checkpoint
02-08-2019 10:57:50 Windows Update
05-08-2019 14:50:30 Installed LibreOffice 6.2.5.2
13-08-2019 10:11:42 Scheduled Checkpoint
21-08-2019 11:12:07 Scheduled Checkpoint
29-08-2019 12:34:22 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2019 02:44:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2019 02:42:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (09/04/2019 02:42:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (09/04/2019 01:58:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for C:\Windows\System32\systemcpl.dll.
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/04/2019 09:55:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2019 09:54:06 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (09/04/2019 09:54:06 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (09/03/2019 01:07:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/04/2019 02:41:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/04/2019 02:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON Port Communication Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/04/2019 02:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON Device Control Log Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/04/2019 02:41:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/02/2019 12:27:47 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across a system power transition. Check for an updated firmware for your system.

Error: (08/30/2019 01:09:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/30/2019 12:15:09 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across a system power transition. Check for an updated firmware for your system.

Error: (08/30/2019 12:14:06 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Windows Defender:
===================================
Date: 2019-09-04 13:11:22.047
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C581C544-110D-42C1-AF07-DA22FB7218DF}
Scan Type:Antispyware
Scan Parameters:Quick Scan
User:Brambor-PC\Brambor

Date: 2019-09-04 13:11:07.836
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3CD7BFAA-4917-4149-8C65-E574FABBD9BC}
Scan Type:Antispyware
Scan Parameters:Full Scan
User:Brambor-PC\Brambor

Date: 2019-09-04 11:51:42.621
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{455E7277-4FAE-48FC-B8BB-4E1CCD6BBB02}
Scan Type:Antispyware
Scan Parameters:Quick Scan
User:Brambor-PC\Brambor

Date: 2019-07-18 10:05:17.055
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.16100.4
Previous Engine Version:1.1.6402.0
Update Source:User
User:NT AUTHORITY\SYSTEM
Error Code:0x8050800c
Error description:An unexpected problem occurred. Install any available updates and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-09-04 14:57:55.465
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 14:42:16.031
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 14:37:23.476
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 14:20:31.797
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 14:14:14.125
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 13:53:11.652
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 13:13:11.565
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-09-04 12:54:03.336
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Award Software International, Inc. GBT - 42302e31 08/29/2006
Motherboard: Gigabyte Technology Co., Ltd. 965GM-S2
Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 92%
Total physical RAM: 3071.55 MB
Available physical RAM: 245.69 MB
Total Virtual: 6141.31 MB
Available Virtual: 1892.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:168.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 38F138F0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Brambor (administrator) on BRAMBOR-PC (GBT___ AWRDACPI) (04-09-2019 14:58:19)
Running from C:\Users\Brambor\Desktop
Loaded Profiles: Brambor (Available Profiles: Brambor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PCSVC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Run: [Google Update] => C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-07-08] (Google Inc -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Select a coupon.lnk [2019-07-08]
ShortcutTarget: Select a coupon.lnk -> C:\Program Files\epson\TMCommandEmulator\PopupWindow.exe (Seiko Epson Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TM-T70II Utility(Automatic Restore).lnk [2019-07-08]
ShortcutTarget: TM-T70II Utility(Automatic Restore).lnk -> C:\Program Files (x86)\EPSON\TM-T70II Software\TMT70IIUTL\TMRESTOREAPP.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {530D3412-118D-4BCB-A901-D1EB554567E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
Task: {61899872-AA61-4F25-9881-B46556497194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7FBA8EA4-F420-42CA-A016-1CF19604EB4E}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1919342834-516617278-753571488-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin HKU\S-1-5-21-1919342834-516617278-753571488-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-08] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1919342834-516617278-753571488-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-08] (Google Inc -> Google LLC)

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://www.cyklosportsr.cz/"
CHR NewTab: Default -> Active:"chrome-extension://bhloflhklmhfpedakmangadcdofhnnoh/index.html"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default [2019-09-04]
CHR Extension: (Prezentace) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-08]
CHR Extension: (Learn English - Beelingo.com) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeefohgoiafgjjpihnoeofgijggpbmmf [2019-07-08]
CHR Extension: (Duolingo on the Web) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2019-07-08]
CHR Extension: (Dokumenty) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-08]
CHR Extension: (Disk Google) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-08]
CHR Extension: (Earth View from Google Earth) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2019-07-08]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-09-04]
CHR Extension: (YouTube) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-08]
CHR Extension: (Vocabla - budovat svou slovní zásobu) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk [2019-07-08]
CHR Extension: (AVG Secure Search) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2019-09-04]
CHR Extension: (uBlock Origin) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-24]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2019-09-04]
CHR Extension: (Plná Peněženka Lištička) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2019-07-09]
CHR Extension: (Tabulky) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-08]
CHR Extension: (Tlačítko Uložit) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-09-04]
CHR Extension: (SearchPreview) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2019-07-08]
CHR Extension: (Webcam Toy) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2019-07-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-08]
CHR Extension: (Prohlížeč dokumentů ve formátu PDF/PowerPoint (od společnosti Google)) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2019-07-08]
CHR Extension: (Learn English) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeblbgokjljbcoipfmbphbmcdbbnfjc [2019-07-08]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-09-04]
CHR Extension: (Gmail) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-08]
CHR Extension: (Chrome Media Router) - C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Profile: C:\Users\Brambor\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-04]
StartMenuInternet: Google Chrome.LQOUDH7BTQRSAFFJJZSKLMUYKU - C:\Users\Brambor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [408064 2017-12-08] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [582144 2017-12-08] (SEIKO EPSON CORPORATION) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2017-12-08] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [867328 2009-06-10] (Microsoft Windows -> Ralink Technology Corp.)
R3 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [67408 2017-10-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 14:04 - 2019-09-04 14:41 - 000000000 ____D C:\AdwCleaner
2019-09-04 14:04 - 2019-09-04 14:04 - 007623880 _____ (Malwarebytes) C:\Users\Brambor\Desktop\adwcleaner_7.4.exe
2019-09-04 13:15 - 2019-09-04 13:20 - 000019917 _____ C:\Users\Brambor\Desktop\Addition.txt
2019-09-04 13:13 - 2019-09-04 14:59 - 000012120 _____ C:\Users\Brambor\Desktop\FRST.txt
2019-09-04 13:13 - 2019-09-04 14:58 - 000000000 ____D C:\FRST
2019-09-04 13:03 - 2019-09-04 13:03 - 000000000 ____D C:\viry
2019-09-04 12:54 - 2019-09-04 12:57 - 001615360 _____ (Farbar) C:\Users\Brambor\Desktop\FRST64.exe
2019-08-26 13:53 - 2019-08-26 13:58 - 000000000 ____D C:\Tetování
2019-08-14 10:43 - 2019-08-14 10:43 - 000072291 _____ C:\Users\Brambor\Desktop\FH-RM66-3251.pdf
2019-08-14 10:42 - 2019-08-14 10:42 - 002902375 _____ C:\Users\Brambor\Desktop\FH-RM33-3650A.pdf
2019-08-14 10:41 - 2019-08-14 10:41 - 000252062 _____ C:\Users\Brambor\Desktop\FH-RM33-3650.pdf
2019-08-14 10:40 - 2019-08-14 10:40 - 000472494 _____ C:\Users\Brambor\Desktop\FH-MC30-1370.pdf
2019-08-05 15:00 - 2019-08-05 15:00 - 000000000 ____D C:\Users\Brambor\AppData\Roaming\LibreOffice
2019-08-05 14:54 - 2019-08-05 14:54 - 000001418 _____ C:\Users\Public\Desktop\LibreOffice 6.2.lnk
2019-08-05 14:54 - 2019-08-05 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.2
2019-08-05 14:52 - 2019-08-05 14:53 - 000000000 ____D C:\Program Files\LibreOffice
2019-08-05 14:41 - 2019-08-05 14:41 - 000000000 ____D C:\2020

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-04 14:42 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-04 14:41 - 2009-07-14 06:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-04 14:41 - 2009-07-14 06:45 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-04 11:33 - 2019-07-08 12:45 - 000000000 ____D C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-04 11:33 - 2019-07-08 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-04 10:29 - 2019-05-22 10:49 - 000000000 ____D C:\Motorky
2019-08-28 10:13 - 2019-07-08 11:37 - 000002413 _____ C:\Users\Brambor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-28 10:13 - 2019-07-08 11:37 - 000002376 _____ C:\Users\Brambor\Desktop\Google Chrome.lnk
2019-08-13 10:11 - 2019-07-08 14:53 - 000000000 ____D C:\Users\Brambor\AppData\Local\ElevatedDiagnostics
2019-08-08 16:29 - 2019-07-08 11:16 - 000095936 _____ C:\Users\Brambor\AppData\Local\GDIPFONTCACHEV1.DAT
2019-08-06 12:59 - 2009-07-14 06:45 - 000428168 _____ C:\Windows\system32\FNTCACHE.DAT

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2019-07-08 12:46] - [2019-07-08 12:46] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356


LastRegBack: 2019-08-21 11:05
==================== End of FRST.txt ============================
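Reading an FRST.txt comes down to a handful of checks an analyst makes on every log: binaries that fail signature verification, autoruns that live in user-writable directories, a Chrome search provider or home page the user did not choose, and a Hosts file with more than its single default entry. The Python script that follows is an added example (not part of this thread, and not a tool the forum or FRST provides) that applies those four checks to lines in FRST's layout. The sample input is constructed: most lines are copied from the log above, and the `[Updater]` Run entry under AppData is invented to show the high-severity case. The allow list of expected search hosts and the user-writable path markers are assumptions of this example. It only ranks lines for a human; the unsigned Epson services it reports as medium are legitimate printer components and were left alone in this thread.

```python
"""Triage of Farbar Recovery Scan Tool (FRST.txt) lines: flag what an analyst reviews first.

Added example, not part of FRST or of the forum thread. The allow list of expected
search hosts and the markers for user-writable paths are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in FRST's layout. Most lines mirror the log in the thread; the
# "[Updater]" Run entry under AppData is invented to exercise the high-severity rule.
SAMPLE_FRST = r'''==================== Processes (Whitelisted) =================
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files\epson\portcommunicationservice\PCSVC.exe
==================== Registry (Whitelisted) ===========================
HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Run: [Google Update] => C:\Users\Brambor\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe [410920 2019-07-08] (Google Inc -> Google LLC)
HKU\S-1-5-21-1919342834-516617278-753571488-1000\...\Run: [Updater] => C:\Users\Brambor\AppData\Roaming\Updater\updater.exe [204800 2019-09-03] () [File not signed]
==================== Internet (Whitelisted) ====================
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default -> "hxxp://www.cyklosportsr.cz/"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
==================== Services (Whitelisted) ====================
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
'''

SECTION_RE = re.compile(r'^=+ (.+?) =+$')
# A drive-letter path up to the first executable-like extension; FRST appends "[size date] (signer)" after it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]()\n]*?\.(?:exe|dll|sys|lnk|scr|bat|cmd|vbs|js|ps1)\b', re.I)
URL_HOST_RE = re.compile(r'hxxps?://([^/\s"]+)', re.I)   # FRST defangs http(s) as hxxp(s)

CHR_SEARCH_KEYS = ('CHR HomePage', 'CHR DefaultSearchURL', 'CHR DefaultSearchKeyword', 'CHR DefaultSuggestURL')
# Assumption: search/home-page hosts that need no review; anything else is reported for a human decision.
EXPECTED_SEARCH_HOSTS = ('google.com', 'bing.com', 'duckduckgo.com', 'seznam.cz')
# Assumption: path fragments that a non-admin user can normally write to.
USER_WRITABLE = ('\\appdata\\', '\\users\\public\\', '\\temp\\', '\\programdata\\')
AUTORUN_PREFIXES = ('Task:', 'Startup:', 'ShortcutTarget:')


@dataclass(frozen=True)
class Finding:
    severity: str   # 'high' | 'medium' | 'info'
    rule: str
    section: str
    line: str


def _host_of(chr_line: str) -> str:
    """Host of a CHR setting line: from a defanged URL, or the bare value after '->'."""
    m = URL_HOST_RE.search(chr_line)
    if m:
        return m.group(1).lower()
    return chr_line.split('->', 1)[-1].strip().strip('"').lower()


def _expected_host(host: str) -> bool:
    return any(host == h or host.endswith('.' + h) for h in EXPECTED_SEARCH_HOSTS)


def _is_autorun(line: str) -> bool:
    return line.startswith(AUTORUN_PREFIXES) or '\\Run:' in line or '\\RunOnce:' in line


def triage(frst_text: str) -> list[Finding]:
    """Walk FRST.txt once and return findings in the order the lines appear."""
    findings: list[Finding] = []
    section = ''
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        path = PATH_RE.search(line)
        path_l = path.group(0).lower() if path else ''
        unsigned = '[file not signed]' in line.lower()
        writable = any(marker in path_l for marker in USER_WRITABLE)

        if line.startswith('Hosts:') and 'more than one entry' in line:
            findings.append(Finding('medium', 'hosts-modified', section, line))
        elif line.startswith(CHR_SEARCH_KEYS):
            if not _expected_host(_host_of(line)):
                findings.append(Finding('medium', 'search-provider-hijack', section, line))
        elif unsigned and writable:
            findings.append(Finding('high', 'unsigned-in-user-writable-path', section, line))
        elif unsigned:
            findings.append(Finding('medium', 'unsigned-binary', section, line))
        elif _is_autorun(line) and writable:
            findings.append(Finding('info', 'autorun-from-user-writable-path', section, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {'high': 0, 'medium': 0, 'info': 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_FRST):
        print(f'{f.severity:6} {f.rule:32} [{f.section}] {f.line[:90]}')
    print(summarize(triage(SAMPLE_FRST)))
```

Run it against a real FRST.txt by reading the file into `triage()`. The "info" hit on the signed Google Update autorun is deliberate: an autorun under AppData is worth a glance even when signed, while the unsigned entry in the same location is what should be looked at first. `CHR StartupUrls` is intentionally not scored, since a start-up page the user set themselves is not a hijack.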

Rudy (Site Admin, 119418 posts, registered 30 Oct 2003 13:42, Plzeň)

Re: Please check my log. Trojan?

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {530D3412-118D-4BCB-A901-D1EB554567E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
Task: {61899872-AA61-4F25-9881-B46556497194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; paste it here.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music and so on). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Bramby (Visitor, 25 posts, registered 04 Sep 2019 11:49)

Re: Please check my log. Trojan?

#9 Post by Bramby »

Hi. I saved the file and ran Fix, but no log appeared. Only the message "finished", restart the computer.

Bramby (Visitor)

Re: Please check my log. Trojan?

#10 Post by Bramby »

Sorry. I found it. :)
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Brambor (05-09-2019 09:48:38) Run:1
Running from C:\Users\Brambor\Desktop
Loaded Profiles: Brambor (Available Profiles: Brambor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {530D3412-118D-4BCB-A901-D1EB554567E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
Task: {61899872-AA61-4F25-9881-B46556497194} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core => C:\Users\Brambor\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-07-08] (Google Inc -> Google LLC)
CHR HomePage: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{530D3412-118D-4BCB-A901-D1EB554567E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{530D3412-118D-4BCB-A901-D1EB554567E2}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61899872-AA61-4F25-9881-B46556497194}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61899872-AA61-4F25-9881-B46556497194}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1919342834-516617278-753571488-1000Core" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20631251 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3907414 B
Edge => 0 B
Chrome => 539671754 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 116452 B
Brambor => 575974798 B

RecycleBin => 3650343 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:49:16 ====

Rudy (Site Admin)

Re: Please check my log. Trojan?

#11 Post by Rudy »

Deleted; you did not have any trojan.

Bramby (Visitor)

Re: Please check my log. Trojan?

#12 Post by Bramby »

Great. Thank you very much for your time. Just one last question. I still see that file in Control Panel under Notification Area Icons. It is the DHL........exe at the very bottom. Can it be removed somehow?
Attachment: Ikony.jpg (66.05 KiB)

Rudy (Site Admin)

Re: Please check my log. Trojan?

#13 Post by Rudy »

Turn off the display of the icon and notifications for that file directly in that list. It will then stop appearing in the tray.

Bramby (Visitor)

Re: Please check my log. Trojan?

#14 Post by Bramby »

I tried that, but it is still there. That file should not be anywhere on the computer at all. I deleted the mail and I do not have it saved anywhere.

Bramby (Visitor)

Re: Please check my log. Trojan?

#15 Post by Bramby »

Solved. I cleared the systray icon cache and it is OK. Thanks once again for your patience with me, and have a nice rest of the day. B
