Misbehaving mouse; click-through of desktop icons, etc.

#1 Post by Mankind »

Hello, greetings after a long while; I would like to ask you for help with my notebook.

I bought it fairly recently and I need to have it checked for viruses, because I occasionally watch TV series online and various windows pop up, the icons on the desktop flicker, and the mouse misbehaves somehow. I click once, but it treats it as if I had clicked several times, or I click the left button and it treats it as the right one, and so on...

Also, since the notebook is new, it may have programs turned on that I don't even need or that slow the computer down. I have a legal copy of Win 10 and didn't want to tinker with anything much, so I'm writing to you. It also sometimes happens that the notebook is very slow, and when I bring up Task Manager, the CPU, memory or disk shows 100% utilization even though there should be nothing to cause it.

Thank you for your help, and I apologize if this is cheeky right before the end of the year :)


Logfile of random's system information tool 1.10 (written by random/random)
Run by marti at 2019-12-30 16:57:06
Microsoft Windows 10 Home
System drive C: has 316 GB (66%) free of 476 GB
Total RAM: 3982 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:17, on 30.12.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0771)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
C:\Program Files\trend micro\marti.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp17win10.msn.com/?pc=HCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp17win10.msn.com/?pc=HCTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Comm Recovery (HP Comm Recover) - HP Inc. - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service: @oem23.inf,%ServiceAppHelperDesc%;HP App Helper HSA Service (HPAppHelperCap) - HP Inc. - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe
O23 - Service: HP JumpStart Bridge (HPJumpStartBridge) - HP Inc. - c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
O23 - Service: @oem23.inf,%ServiceNetworkDesc%;HP Network HSA Service (HPNetworkCap) - HP Inc. - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe
O23 - Service: @oem23.inf,%ServiceSysInfoDesc%;HP System Info HSA Service (HPSysInfoCap) - HP Inc. - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
O23 - Service: @oem25.inf,%hpanalyticscomp%;HP Analytics service (HpTouchpointAnalyticsService) - HP Inc. - C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @oem17.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\windows\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9537 bytes

======Listing Processes======








C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\windows\system32\svchost.exe -k DcomLaunch -p
C:\windows\system32\svchost.exe -k RPCSS -p
C:\windows\system32\svchost.exe -k DcomLaunch -p -s LSM
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\windows\system32\svchost.exe -k LocalService -p -s bthserv
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -s BTAGService
C:\windows\system32\svchost.exe -k LocalService -p -s nsi
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\windows\system32\svchost.exe -k LocalService -p
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe
C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe
C:\windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe
C:\windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\windows\system32\svchost.exe -k LocalService -p -s FontCache
C:\windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\windows\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe
C:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\windows\system32\svchost.exe -k LocalService -p -s EventSystem

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\windows\System32\svchost.exe -k netsvcs -p -s Themes

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\windows\system32\WLANExt.exe 1991751738880
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\System32\svchost.exe -k utcsvc -p
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
C:\windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\windows\RtkBtManServ.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
C:\windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\windows\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
C:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
C:\windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc


C:\windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
"C:\Program Files\HPCommRecovery\HPCommRecovery.exe"
"c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe"

C:\windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\windows\system32\svchost.exe -k appmodel -p -s camsvc

C:\windows\System32\svchost.exe -k netsvcs -p
C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
dashost.exe {ad417be6-1420-4077-9d080b520394fd12}
C:\windows\System32\svchost.exe -k LocalServicePeerNet -s p2pimsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet -s PNRPsvc

AvastUI.exe /nogui
C:\windows\system32\svchost.exe -k netsvcs -p -s seclogon
C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

C:\windows\System32\WinLogon.exe -SpecialSession
"dwm.exe"
"fontdrvhost.exe"
atieclxx
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
sihost.exe
C:\windows\system32\svchost.exe -k BthAppGroup -p -s BluetoothUserService
C:\windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe"
"ctfmon.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.111.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\windows\system32\SettingSyncHost.exe -Embedding
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe"
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files\Mozilla Firefox\firefox.exe" -os-restarted
AvastUI.exe /nogui
"C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe"
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.0.16314946\254325037" -parentBuildID 20191202093317 -prefsHandle 1552 -prefMapHandle 1544 -prefsLen 1 -prefMapSize 214458 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 1632 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.3.142855755\1994045014" -childID 1 -isForBrowser -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 145 -prefMapSize 214458 -parentBuildID 20191202093317 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 2424 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.20.1822090444\125331018" -childID 3 -isForBrowser -prefsHandle 4172 -prefMapHandle 3804 -prefsLen 6557 -prefMapSize 214458 -parentBuildID 20191202093317 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 4188 tab
C:\windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.0.39.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe" LaunchedBySysInfo
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=2372,15095277027922766769,12884715633948830269,131072 --no-sandbox --log-file="C:\Users\marti\AppData\Roaming\AVAST Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (19.8.2393)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAMAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=12084331344911129086 --mojo-platform-channel-handle=8084 /prefetch:2
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\windows\system32\ApplicationFrameHost.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\windows\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\MicrosoftEdgeCP.exe" -ServerName:Windows.Internal.WebRuntime.ContentProcessServer
C:\windows\system32\MicrosoftEdgeSH.exe SCODEF:10540 CREDAT:9730 APH:46440000000014 JITHOST /prefetch:2
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe" -ServerName:App.AppXagta193n5rpf7mheremt3yyfa1g555vc.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\windows\system32\AUDIODG.EXE 0x450
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.48.1346246611\623730057" -childID 7 -isForBrowser -prefsHandle 7740 -prefMapHandle 7628 -prefsLen 9600 -prefMapSize 214458 -parentBuildID 20191202093317 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 3288 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.55.1917669585\1132298311" -childID 8 -isForBrowser -prefsHandle 9868 -prefMapHandle 10000 -prefsLen 9600 -prefMapSize 214458 -parentBuildID 20191202093317 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 9852 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="16140.62.1031119905\2020772459" -childID 9 -isForBrowser -prefsHandle 9640 -prefMapHandle 9956 -prefsLen 9600 -prefMapSize 214458 -parentBuildID 20191202093317 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 16140 "\\.\pipe\gecko-crash-server-pipe.16140" 3940 tab

C:\windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
"C:\windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
C:\windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\windows\system32\PrintIsolationHost.exe -Embedding
"C:\Users\marti\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\ljz9emvj.default-release-1573334089114

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2019-12-17 439160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2019-12-17 414584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\windows\system32\SecurityHealthSystray.exe [2018-09-15 83968]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-09-28 9279328]
"RtlS5Wake"=C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2018-04-18 2097600]
"HPSEU_Host_Launcher"=C:\System.sav\util\HpseuHostLauncher.exe [2018-09-07 449064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2018-11-13 4532264]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-10-10 268680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner64.exe [2019-10-14 24552064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcapexe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-12-30 16:57:07 ----D---- C:\Program Files\trend micro
2019-12-30 16:57:06 ----D---- C:\rsit
2019-12-29 21:38:39 ----D---- C:\AdwCleaner
2019-12-29 21:26:47 ----D---- C:\Program Files\Malwarebytes
2019-12-25 14:04:49 ----D---- C:\ze stareho mobilu
2019-12-10 22:11:43 ----A---- C:\windows\system32\mfmpeg2srcsnk.dll
2019-12-10 22:11:40 ----A---- C:\windows\SYSWOW64\edgehtml.dll
2019-12-10 22:11:34 ----A---- C:\windows\system32\edgehtml.dll
2019-12-10 22:11:31 ----A---- C:\windows\SYSWOW64\vbscript.dll
2019-12-10 22:11:28 ----A---- C:\windows\SYSWOW64\fontsub.dll
2019-12-10 22:11:27 ----A---- C:\windows\SYSWOW64\gdi32full.dll
2019-12-10 22:11:26 ----A---- C:\windows\SYSWOW64\t2embed.dll
2019-12-10 22:11:26 ----A---- C:\windows\SYSWOW64\GdiPlus.dll
2019-12-10 22:11:25 ----A---- C:\windows\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:11:25 ----A---- C:\windows\SYSWOW64\user32.dll
2019-12-10 22:11:24 ----A---- C:\windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11:23 ----A---- C:\windows\SYSWOW64\Windows.ApplicationModel.Store.dll
2019-12-10 22:11:22 ----A---- C:\windows\SYSWOW64\Windows.Devices.Enumeration.dll
2019-12-10 22:11:20 ----A---- C:\windows\SYSWOW64\Windows.Data.Pdf.dll
2019-12-10 22:11:19 ----A---- C:\windows\system32\t2embed.dll
2019-12-10 22:11:19 ----A---- C:\windows\system32\GdiPlus.dll
2019-12-10 22:11:17 ----A---- C:\windows\system32\gdi32full.dll
2019-12-10 22:11:16 ----A---- C:\windows\system32\fontsub.dll
2019-12-10 22:11:14 ----A---- C:\windows\system32\KernelBase.dll
2019-12-10 22:11:13 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2019-12-10 22:11:13 ----A---- C:\windows\system32\winload.exe
2019-12-10 22:11:07 ----A---- C:\windows\system32\sppsvc.exe
2019-12-10 22:11:07 ----A---- C:\windows\system32\SppExtComObj.Exe
2019-12-10 22:11:06 ----A---- C:\windows\system32\vbscript.dll
2019-12-10 22:11:06 ----A---- C:\windows\system32\services.exe
2019-12-10 22:11:04 ----A---- C:\windows\system32\ntoskrnl.exe
2019-12-10 22:11:03 ----A---- C:\windows\system32\user32.dll
2019-12-10 22:11:02 ----A---- C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11:02 ----A---- C:\windows\system32\win32kfull.sys
2019-12-10 22:11:01 ----A---- C:\windows\system32\Windows.ApplicationModel.Store.dll
2019-12-10 22:11:00 ----A---- C:\windows\system32\Windows.Devices.Enumeration.dll
2019-12-10 22:10:59 ----A---- C:\windows\system32\Windows.Data.Pdf.dll
2019-12-10 22:10:58 ----A---- C:\windows\system32\wow64win.dll
2019-12-10 22:10:58 ----A---- C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:10:57 ----A---- C:\windows\system32\AppXDeploymentServer.dll
2019-12-10 22:10:56 ----A---- C:\windows\system32\DevQueryBroker.dll
2019-12-10 22:10:56 ----A---- C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 22:10:55 ----A---- C:\windows\system32\printfilterpipelinesvc.exe
2019-12-10 22:10:54 ----A---- C:\windows\system32\MusNotification.exe
2019-12-10 22:10:53 ----A---- C:\windows\system32\usocore.dll
2019-12-10 22:10:53 ----A---- C:\windows\system32\MusUpdateHandlers.dll
2019-12-10 22:10:53 ----A---- C:\windows\system32\MusNotificationUx.exe
2019-12-10 22:10:52 ----A---- C:\windows\system32\updatehandlers.dll
2019-12-10 22:10:51 ----A---- C:\windows\system32\diagtrack.dll
2019-12-10 22:10:50 ----A---- C:\windows\system32\tcbloader.dll
2019-12-10 22:10:50 ----A---- C:\windows\system32\tcblaunch.exe
2019-12-10 22:10:49 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2019-12-10 22:10:48 ----A---- C:\windows\system32\oleaut32.dll
2019-12-10 22:10:45 ----A---- C:\windows\SYSWOW64\win32kfull.sys
2019-12-10 22:10:42 ----A---- C:\windows\system32\hvax64.exe
2019-12-10 22:10:41 ----A---- C:\windows\system32\hvix64.exe
2019-12-10 22:10:40 ----A---- C:\windows\system32\rdpudd.dll
2019-12-10 22:10:40 ----A---- C:\windows\system32\rdpcorets.dll
2019-12-03 22:31:17 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2019-12-30 16:57:07 ----RD---- C:\Program Files
2019-12-30 16:52:47 ----D---- C:\windows\Temp
2019-12-30 16:43:18 ----D---- C:\windows\Prefetch
2019-12-30 16:32:23 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-12-30 16:26:03 ----D---- C:\windows\system32\sru
2019-12-30 15:36:40 ----D---- C:\windows\Logs
2019-12-30 11:42:35 ----D---- C:\windows\system32\SleepStudy
2019-12-30 11:02:48 ----D---- C:\XY
2019-12-30 00:46:15 ----D---- C:\Users\marti\AppData\Roaming\vlc
2019-12-29 21:44:29 ----HD---- C:\ProgramData
2019-12-29 21:44:29 ----D---- C:\windows\system32\drivers
2019-12-29 21:43:41 ----D---- C:\windows\AppReadiness
2019-12-29 21:27:31 ----HD---- C:\windows\ELAMBKUP
2019-12-29 21:27:30 ----D---- C:\windows\system32\catroot2
2019-12-29 12:41:50 ----RD---- C:\windows\Microsoft.NET
2019-12-29 12:25:12 ----D---- C:\Filmy
2019-12-29 12:17:00 ----D---- C:\windows\Tasks
2019-12-29 12:17:00 ----D---- C:\windows\system32\Tasks
2019-12-28 13:18:03 ----D---- C:\Users\marti\AppData\Roaming\uTorrent
2019-12-27 13:56:56 ----SHD---- C:\System Volume Information
2019-12-26 08:59:43 ----D---- C:\windows\system32\LogFiles
2019-12-25 17:48:18 ----D---- C:\Škola
2019-12-24 12:55:21 ----D---- C:\windows\system32\config
2019-12-23 20:44:14 ----D---- C:\Users\marti\AppData\Roaming\dvdcss
2019-12-23 13:20:54 ----D---- C:\Z plochy
2019-12-22 20:48:51 ----D---- C:\windows\System32
2019-12-22 20:48:51 ----D---- C:\windows\INF
2019-12-22 20:48:51 ----A---- C:\windows\system32\PerfStringBackup.INI
2019-12-22 20:38:08 ----HD---- C:\Program Files\WindowsApps
2019-12-21 10:38:01 ----SD---- C:\ProgramData\Microsoft
2019-12-20 13:26:43 ----SHD---- C:\windows\Installer
2019-12-20 13:25:55 ----D---- C:\windows\SysWOW64
2019-12-18 14:53:05 ----D---- C:\Telefon
2019-12-16 09:16:18 ----D---- C:\windows\WinSxS
2019-12-12 12:23:20 ----D---- C:\windows\system32\MRT
2019-12-12 12:18:38 ----D---- C:\windows\debug
2019-12-12 12:18:30 ----AC---- C:\windows\system32\MRT.exe
2019-12-10 23:08:49 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-10 22:55:01 ----D---- C:\windows\system32\uk-UA
2019-12-10 22:55:00 ----D---- C:\windows\system32\pl-PL
2019-12-10 22:55:00 ----D---- C:\windows\system32\en-GB
2019-12-10 22:55:00 ----D---- C:\windows\system32\Boot
2019-12-10 22:54:59 ----D---- C:\windows\ShellExperiences
2019-12-10 22:54:59 ----D---- C:\windows\bcastdvr
2019-12-10 22:54:56 ----D---- C:\windows\system32\DriverStore
2019-12-10 22:24:52 ----D---- C:\windows\CbsTemp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdpsp;@oem7.inf,%amdpsp.SVCDESC%;AMD PSP Service; C:\windows\System32\drivers\amdpsp.sys [2018-11-17 137688]
R0 aswArDisk;aswArDisk; C:\windows\system32\drivers\aswArDisk.sys [2019-10-10 37616]
R0 aswbidsh;aswbidsh; C:\windows\system32\drivers\aswbidsh.sys [2019-10-10 209552]
R0 aswbuniv;aswbuniv; C:\windows\system32\drivers\aswbuniv.sys [2019-10-10 65120]
R0 aswElam;aswElam; C:\windows\system32\drivers\aswElam.sys [2019-10-10 16304]
R0 aswRvrt;aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [2019-10-10 83792]
R0 aswVmm;aswVmm; C:\windows\system32\drivers\aswVmm.sys [2019-10-10 316528]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\windows\system32\drivers\iorate.sys [2019-04-14 55608]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\windows\system32\drivers\SgrmAgent.sys [2018-09-15 87552]
R1 afunix;afunix; C:\windows\system32\drivers\afunix.sys [2018-09-15 40960]
R1 aswArPot;aswArPot; C:\windows\system32\drivers\aswArPot.sys [2019-10-10 204824]
R1 aswbidsdriver;aswbidsdriver; C:\windows\system32\drivers\aswbidsdriver.sys [2019-10-10 274456]
R1 aswHdsKe;aswHdsKe; C:\windows\system32\drivers\aswHdsKe.sys [2019-10-10 276952]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2019-10-10 42736]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2019-10-10 110320]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2019-10-10 848432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2019-10-10 460448]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\windows\system32\drivers\bam.sys [2018-09-15 63288]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\windows\system32\drivers\filecrypt.sys [2018-09-15 60416]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\windows\System32\drivers\gpuenergydrv.sys [2018-09-15 8704]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2019-11-02 161544]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2019-10-10 236024]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\windows\system32\drivers\cldflt.sys [2019-09-28 452096]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\windows\system32\drivers\mmcss.sys [2019-04-14 51712]
R3 AmdAS4;@oem4.inf,%AmdAS4.SVCDESC%;AmdAS4 service; C:\windows\System32\drivers\AmdAS4.sys [2018-11-17 26888]
R3 amdkmdag;amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmdag.sys [2018-11-17 47412224]
R3 amdkmdap;amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmpag.sys [2018-11-17 589312]
R3 AtiHDAudioService;@oem5.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdWT6.sys [2018-11-17 107400]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\System32\drivers\BthEnum.sys [2019-04-14 111104]
R3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2019-09-28 91136]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2018-09-15 133120]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\drivers\BTHUSB.sys [2019-09-28 92672]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\windows\System32\drivers\CAD.sys [2018-09-15 63288]
R3 HPCustomCapDriver;@oem14.inf,%HPCustomCapDriverDesc%;HP Application Driver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [2018-07-06 23960]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2018-09-28 6392672]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2018-09-15 202240]
R3 rt640x64;@oem8.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\windows\System32\drivers\rt640x64.sys [2018-09-06 1139424]
R3 RtkBtFilter;@oem17.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\windows\System32\drivers\RtkBtfilter.sys [2018-10-24 758312]
R3 RTWlanE;@oem21.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\windows\System32\drivers\rtwlane.sys [2019-03-29 11438376]
R3 SmbDrv;SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [2018-11-13 45096]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\windows\System32\drivers\bttflt.sys [2018-09-15 42504]
S0 cht4iscsi;cht4iscsi; C:\windows\System32\drivers\cht4sx64.sys [2018-09-15 319488]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\windows\System32\drivers\iaStorAVC.sys [2018-09-15 885048]
S0 ItSas35i;ItSas35i; C:\windows\System32\drivers\ItSas35i.sys [2018-09-15 148480]
S0 LSI_SAS2i;LSI_SAS2i; C:\windows\System32\drivers\lsi_sas2i.sys [2018-09-15 124416]
S0 LSI_SAS3i;LSI_SAS3i; C:\windows\System32\drivers\lsi_sas3i.sys [2018-09-15 128512]
S0 megasas2i;megasas2i; C:\windows\System32\drivers\MegaSas2i.sys [2018-09-15 75264]
S0 megasas35i;megasas35i; C:\windows\System32\drivers\megasas35i.sys [2018-09-15 79872]
S0 percsas2i;percsas2i; C:\windows\System32\drivers\percsas2i.sys [2018-09-15 58880]
S0 percsas3i;percsas3i; C:\windows\System32\drivers\percsas3i.sys [2018-09-15 68608]
S0 Ramdisk;Windows RAM Disk Driver; C:\windows\system32\DRIVERS\ramdisk.sys [2018-09-15 41784]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\windows\System32\drivers\scmbus.sys [2019-09-28 134968]
S0 SmartSAMD;SmartSAMD; C:\windows\System32\drivers\SmartSAMD.sys [2018-09-15 219960]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\windows\System32\drivers\AcpiDev.sys [2018-09-15 19968]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\windows\system32\drivers\applockerfltr.sys [2018-09-15 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\windows\system32\drivers\bindflt.sys [2019-10-08 104464]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\windows\System32\drivers\BTHMINI.sys [2018-09-15 34816]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\drivers\BTHport.sys [2019-09-28 1232384]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\windows\System32\drivers\buttonconverter.sys [2018-09-15 40960]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\windows\System32\drivers\capimg.sys [2018-09-15 125952]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\windows\System32\drivers\genericusbfn.sys [2018-09-15 20992]
S3 H2OFFT;@oem19.inf,%WDF.SVCDESC%;WDF Insyde IO Device Driver; C:\windows\System32\drivers\H2OFFT64.sys []
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\windows\System32\drivers\hidinterrupt.sys [2018-09-15 51512]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\windows\System32\drivers\hidspi.sys [2018-09-15 60928]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\windows\system32\drivers\hvservice.sys [2019-11-15 80400]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\windows\System32\Drivers\mshwnclx.sys [2018-09-15 27648]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\windows\System32\drivers\cht4vx64.sys [2018-09-15 1866768]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\windows\System32\drivers\iagpio.sys [2018-09-15 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\windows\System32\drivers\iai2c.sys [2018-09-15 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\windows\System32\drivers\iaLPSS2i_GPIO2.sys [2018-09-15 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-09-15 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2018-09-15 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2018-09-15 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\windows\System32\drivers\iaLPSS2i_I2C.sys [2018-09-15 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-09-15 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [2018-09-15 180736]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [2018-09-15 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\windows\System32\drivers\ibbus.sys [2018-09-15 566800]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\windows\System32\drivers\IndirectKmd.sys [2018-09-15 45568]
S3 IPT;IPT; C:\windows\System32\drivers\ipt.sys [2018-09-15 42496]
S3 irda;IrDA; C:\windows\system32\drivers\irda.sys [2018-09-15 124928]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\windows\System32\drivers\mausbhost.sys [2018-09-15 515384]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\windows\System32\drivers\mausbip.sys [2018-09-15 58680]
S3 MbbCx;MBB Network Adapter Class Extension; C:\windows\system32\drivers\MbbCx.sys [2019-10-04 290304]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2018-09-15 53760]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\windows\System32\drivers\mlx4_bus.sys [2018-09-15 1150496]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\windows\System32\drivers\ndfltr.sys [2018-09-15 153616]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\windows\system32\drivers\NetAdapterCx.sys [2018-09-15 184320]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\windows\System32\drivers\nvdimm.sys [2018-09-15 148480]
S3 PktMon;Packet Monitor Driver; C:\windows\system32\drivers\PktMon.sys [2018-09-15 85504]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\windows\System32\drivers\pmem.sys [2019-09-28 117248]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\windows\System32\drivers\pnpmem.sys [2018-09-15 17408]
S3 ReFSv1;ReFSv1; C:\windows\system32\drivers\ReFSv1.sys [2019-09-28 981816]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\windows\System32\drivers\rhproxy.sys [2018-09-15 108032]
S3 RTSUER;@oem11.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\windows\system32\Drivers\RtsUer.sys [2018-09-06 434000]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\windows\System32\drivers\SDFRd.sys [2018-09-15 33080]
S3 SmbDrvI;SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [2018-11-13 46632]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\windows\System32\drivers\SpatialGraphFilter.sys [2018-09-15 73016]
S4 hvcrash;hvcrash; C:\windows\System32\drivers\hvcrash.sys [2018-09-15 33280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-09-10 88136]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe [2018-11-17 507928]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-10-10 996880]
R2 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2019-10-10 57504]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
R2 CDPUserSvc_10187a2a;Uživatelská služba platformy připojených zařízení_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\windows\system32\svchost.exe [2018-09-15 51696]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\windows\System32\svchost.exe [2018-09-15 51696]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\windows\System32\svchost.exe [2018-09-15 51696]
R2 HP Comm Recover;HP Comm Recovery; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [2018-09-06 1322120]
R2 HPAppHelperCap;@oem23.inf,%ServiceAppHelperDesc%;HP App Helper HSA Service; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe [2019-08-15 447248]
R2 HPJumpStartBridge;HP JumpStart Bridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [2018-06-01 478056]
R2 HPNetworkCap;@oem23.inf,%ServiceNetworkDesc%;HP Network HSA Service; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe [2019-08-15 445712]
R2 HPSysInfoCap;@oem23.inf,%ServiceSysInfoDesc%;HP System Info HSA Service; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe [2019-08-15 449808]
R2 HpTouchpointAnalyticsService;@oem25.inf,%hpanalyticscomp%;HP Analytics service; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe [2019-10-08 429008]
R2 OneSyncSvc_10187a2a;Hostitel synchronizace_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2018-09-28 268128]
R2 RtkBtManServ;@oem17.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service; C:\windows\RtkBtManServ.exe [2018-10-24 740920]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\windows\system32\SgrmBroker.exe [2019-09-28 255128]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-12-19 6259592]
R3 BluetoothUserService_10187a2a;Služba pro podporu uživatelů Bluetooth_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 cbdhsvc_10187a2a;Uživatelská služba schránky_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\windows\System32\svchost.exe [2018-09-15 51696]
R3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\windows\System32\svchost.exe [2018-09-15 51696]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\windows\System32\svchost.exe [2018-09-15 51696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\windows\System32\svchost.exe [2018-09-15 51696]
R3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\windows\system32\SecurityHealthService.exe [2019-09-28 864568]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\windows\system32\svchost.exe [2018-09-15 51696]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-10-10 153168]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2018-09-15 52816]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 BcastDVRUserService_10187a2a;Uživatelská služba pro GameDVR a vysílání her_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 CaptureService_10187a2a;CaptureService_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 ConsentUxUserSvc_10187a2a;ConsentUX_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 DevicePickerUserSvc_10187a2a;DevicePicker_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 DevicesFlowUserSvc_10187a2a;Tok zařízení_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-09-28 92672]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe [2019-12-14 1113072]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-10-10 153168]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 MessagingService_10187a2a;Služba zasílání zpráv_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-12-03 244936]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [2018-09-15 78848]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 PimIndexMaintenanceSvc_10187a2a;Data kontaktů_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 PrintWorkflowUserSvc_10187a2a;PrintWorkflow_10187a2a; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\windows\System32\svchost.exe [2018-09-15 51696]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\windows\System32\SensorDataService.exe [2018-09-15 1269248]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\windows\system32\svchost.exe [2018-09-15 51696]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\windows\system32\svchost.exe [2018-09-15 51696]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\windows\System32\svchost.exe [2018-09-15 51696]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.10 2019-12-30 16:57:28

======MBR======


======Uninstall list======

Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-000182435289}
AMD Settings - Branding-->MsiExec.exe /I{ABE08A7A-00CF-49FA-9A71-24FD6288AC28}
AMD Software-->"C:\Program Files\AMD\CIM\BIN64\RadeonInstaller.exe" /EXPRESS_UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\setup\Instup.exe /control_panel
Canon MP250 series MP Drivers-->"C:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CzRus QWERTZ Caps 2.1-->MsiExec.exe /I{E1A0C81B-6119-4E37-97E2-9F186F08D54A}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
HP Audio Switch-->MsiExec.exe /I{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}
HP Connection Optimizer-->"C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\setup.exe" -runfromtemp -l0x0405 -removeonly
HP Documentation-->CMD /C "C:\Program Files\HP\Documentation\Doc_Uninstall.cmd"
HP JumpStart Bridge-->MsiExec.exe /I{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}
HP JumpStart Launch-->MsiExec.exe /I{35556CCA-F14E-48F3-93F4-E29C4B3DBE30}
HP Registration Service-->MsiExec.exe /X{280936C6-5D40-4AE1-9C13-F44E6208DDC4}
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506-->"C:\ProgramData\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe" /uninstall
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506-->MsiExec.exe /X{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506-->MsiExec.exe /X{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429-->"C:\ProgramData\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe" /uninstall
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429-->MsiExec.exe /X{B12F584A-DE7A-3EE3-8EC4-8A64DBC0F2A7}
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429-->MsiExec.exe /X{03EBF679-E886-38AD-8E70-28658449F7F9}
Mozilla Firefox 71.0 (x64 cs)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
OEM Application Profile-->MsiExec.exe /X{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}
Realtek Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly
Realtek Ethernet Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe" -runfromtemp -removeonly
Realtek High Definition Audio Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VLC media player-->"C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"
WinRAR 5.31 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: AK99I7IE07J0A
Event Code: 4001
Message: Služba automatické konfigurace sítě WLAN byla úspěšně ukončena.

Record Number: 5
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20190414124127.795884-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: AK99I7IE07J0A
Event Code: 6013
Message: Doba provozu systému je 47 sekund.
Record Number: 4
Source Name: EventLog
Time Written: 20190925083242.085255-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20190925083242.085255-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 17763 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20190925083242.085255-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 10002
Message: Rozšiřující modul sítě WLAN byl ukončen.

Cesta k modulu: C:\windows\system32\Rtlihvs.dll

Record Number: 1
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20190414124127.664524-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: AK99I7IE07J0A
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 5
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20190925083303.835443-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: AK99I7IE07J0A
Event Code: 1003
Message: Služba Ochrana softwaru dokončila kontrolu stavu licencování.
ID aplikace=55c92734-d682-4d71-983e-d6ec3f16059f
Stav licencování=


Record Number: 4
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20190925083258.790914-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 1034
Message: Byla nalezena duplicitní definice zásady. Název zásady=Security-SPP-WriteWauMarker Priorita=500
Record Number: 3
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20190925083258.586975-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 1034
Message: Byla nalezena duplicitní definice zásady. Název zásady=AAD-WindowsCore-AddAccountRestrictions Priorita=100
Record Number: 2
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20190925083258.220287-000
Event Type: Informace
User:

Computer Name: AK99I7IE07J0A
Event Code: 1016
Message: Doklad o zakoupení byl úspěšně nainstalován.
ACID=0567073a-7d74-403b-b2d5-6b35da372d8d
ID klíče PKey=5c2c06ed-28cf-f96d-7d19-c977dbb0312e
Record Number: 1
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20190925083257.751610-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: LAPTOP-J6M1L6Q5
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Record Number: 161534
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191215114858.162512-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-J6M1L6Q5
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-J6M1L6Q5$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x35c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 161533
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191215114858.162498-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-J6M1L6Q5
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Record Number: 161532
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191215113733.778308-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-J6M1L6Q5
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-J6M1L6Q5$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x35c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 161531
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191215113733.778295-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-J6M1L6Q5
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Record Number: 161530
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20191215113429.237531-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PSModulePath"=%ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=21
"PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 112 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=7000
"OnlineServices"=Online Services
"platformcode"=KV
"RegionCode"=EMEA

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118348
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; desktop icons clicking through, etc.

#2 Post by Rudy »

Hello!
Post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . RSIT is unusable on Windows 10.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Mankind
Visitor
Posts: 285
Joined: 08 Jan 2012 15:33

Re: Misbehaving mouse; desktop icons clicking through, etc.

#3 Post by Mankind »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by marti (administrator) on LAPTOP-J6M1L6Q5 (HP HP Laptop 15-bw0xx) (30-12-2019 18:05:04)
Running from C:\Users\marti\Desktop
Loaded Profiles: marti (Available Profiles: marti)
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.0.39.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe [449064 2018-09-07] (HP Inc. -> HP Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4532264 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2500698708-366820743-63615063-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A90FE7A-4BE5-425D-9010-70422933069B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3E77D319-A7F7-4831-8225-01762993A54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [147320 2019-12-17] (HP Inc. -> HP Inc.)
Task: {3FE1D632-80CB-4D31-89CE-650AFD7DA613} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [462696 2018-06-01] (HP Inc. -> HP Inc.)
Task: {458E5A2D-B462-4112-AAF1-453676376CF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {493CAC96-E308-4E93-A398-973CC7316865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {4C6BE4C4-8CEC-46E7-B496-2CA1EA59F690} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7092D299-907D-4353-9BE1-B3ECEC3A6410} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644984 2018-07-18] (HP Inc. -> HP Inc.)
Task: {88E87872-7F52-4A86-AD60-3DDEFFC09421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {96FD7F83-58FF-43BF-8D09-DD732416B223} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
Task: {A9363F18-2B52-4C93-800B-F903CB664AF3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABA4813F-55E1-426B-89FE-9DAE1AB13C3B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D390F86C-090C-422B-B0D2-021ECB268BA2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{51be57f0-3ea1-4a56-8618-8900989a9c86}: [DhcpNameServer] 147.251.4.33 147.251.6.10
Tcpip\..\Interfaces\{66c17b23-b9ab-4f04-9e88-302858a5ebd5}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2500698708-366820743-63615063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2500698708-366820743-63615063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2500698708-366820743-63615063-1001 -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2019-12-17] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2019-12-17] (HP Inc. -> HP Inc.)

FireFox:
========
FF DefaultProfile: 0piu5vzc.default
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\mwrwct2q.default-release-1-1569420897947 [2019-12-28]
FF Homepage: Mozilla\Firefox\Profiles\mwrwct2q.default-release-1-1569420897947 -> google.com
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\0piu5vzc.default [2019-09-25]
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\ljz9emvj.default-release-1573334089114 [2019-12-30]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default [2019-12-29]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-23]
CHR Extension: (Avast Online Security) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe [507928 2018-11-17] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322120 2018-09-06] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe [447248 2019-08-15] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [478056 2018-06-01] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe [445712 2019-08-15] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe [449808 2019-08-15] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe [429008 2019-10-08] (HP Inc. -> HP Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\windows\RtkBtManServ.exe [740920 2018-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [399400 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-09-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26888 2018-11-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmdag.sys [47412224 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmpag.sys [589312 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [137688 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37616 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [204824 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [209552 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [65120 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\windows\System32\drivers\aswElam.sys [16304 2019-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [276952 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42736 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110320 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [83792 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [848432 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460448 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [236024 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [316528 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [107400 2018-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1139424 2018-09-06] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\System32\drivers\RtkBtfilter.sys [758312 2018-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [434000 2018-09-06] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [11438376 2019-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
U1 aswbdisk; no ImagePath
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-30 18:05 - 2019-12-30 18:07 - 000021218 _____ C:\Users\marti\Desktop\FRST.txt
2019-12-30 18:04 - 2019-12-30 18:06 - 000000000 ____D C:\FRST
2019-12-30 18:02 - 2019-12-30 18:02 - 002272256 _____ (Farbar) C:\Users\marti\Desktop\FRST64.exe
2019-12-30 16:57 - 2019-12-30 16:57 - 000000000 ____D C:\rsit
2019-12-30 16:57 - 2019-12-30 16:57 - 000000000 ____D C:\Program Files\trend micro
2019-12-30 16:50 - 2019-12-30 16:50 - 001222144 _____ C:\Users\marti\Desktop\RSITx64.exe
2019-12-29 21:38 - 2019-12-29 21:39 - 000000000 ____D C:\AdwCleaner
2019-12-29 21:26 - 2019-12-29 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-25 14:04 - 2019-12-25 14:06 - 000000000 ____D C:\ze stareho mobilu
2019-12-10 22:11 - 2019-12-10 22:11 - 026807296 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 020816384 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 009668408 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 006541712 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 006444032 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 004588544 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 003638272 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-12-10 22:11 - 2019-12-10 22:11 - 002699768 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 002233688 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 002072384 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001702392 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-12-10 22:11 - 2019-12-10 22:11 - 001701888 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001677808 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001668960 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001666440 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001656192 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001473088 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 001465264 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001201128 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000678672 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 000595968 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000578560 _____ (Microsoft Corporation) C:\windows\system32\SppExtComObj.Exe
2019-12-10 22:11 - 2019-12-10 22:11 - 000533504 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000508928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Enumeration.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000408736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000312832 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000180224 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000125440 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000098816 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 007886848 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 007645384 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 003576832 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 003387392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 002707968 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-12-10 22:10 - 2019-12-10 22:10 - 002192384 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 001676288 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 001258296 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 001049400 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000981504 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000901120 _____ (Microsoft Corporation) C:\windows\system32\usocore.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000826880 _____ (Microsoft Corporation) C:\windows\system32\printfilterpipelinesvc.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000793824 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000764928 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000758688 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000603792 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000575488 _____ (Microsoft Corporation) C:\windows\system32\MusNotification.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000505632 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000430592 _____ (Microsoft Corporation) C:\windows\system32\MusNotificationUx.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000203064 _____ (Microsoft Corporation) C:\windows\system32\tcbloader.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000095544 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\DevQueryBroker.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2019-12-03 22:31 - 2019-12-10 23:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-30 21:25 - 2019-11-30 21:25 - 000000000 _____ C:\windows\system32\last.dump

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-30 18:01 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-30 17:49 - 2019-10-12 07:56 - 000000000 ____D C:\XY
2019-12-30 17:48 - 2019-09-25 13:47 - 000000000 ____D C:\Users\marti\AppData\Roaming\vlc
2019-12-30 15:36 - 2019-09-25 11:58 - 000000000 ____D C:\Users\marti\AppData\Local\D3DSCache
2019-12-30 15:24 - 2019-09-25 12:14 - 000000000 ____D C:\Users\marti\AppData\LocalLow\Mozilla
2019-12-30 11:42 - 2018-10-11 06:56 - 000000000 ____D C:\windows\system32\SleepStudy
2019-12-30 00:46 - 2019-11-04 22:07 - 000003194 _____ C:\windows\system32\Tasks\CCleaner Update
2019-12-30 00:46 - 2019-11-04 22:07 - 000002232 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2019-12-30 00:46 - 2019-10-10 20:34 - 000003402 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-30 00:46 - 2019-10-10 20:34 - 000003178 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-30 00:46 - 2019-10-10 20:29 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2019-12-30 00:46 - 2019-09-25 12:57 - 000003482 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-30 00:46 - 2019-09-25 12:06 - 000002850 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2500698708-366820743-63615063-1001
2019-12-30 00:46 - 2019-04-14 13:18 - 000002844 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2500698708-366820743-63615063-500
2019-12-30 00:46 - 2019-04-14 12:25 - 000002856 _____ C:\windows\system32\Tasks\HPJumpStartLaunch
2019-12-30 00:46 - 2019-04-14 12:12 - 000002202 _____ C:\windows\system32\Tasks\StartCN
2019-12-30 00:46 - 2019-04-14 12:12 - 000002116 _____ C:\windows\system32\Tasks\StartDVR
2019-12-30 00:46 - 2018-11-27 03:57 - 000002766 _____ C:\windows\system32\Tasks\HPAudioSwitch
2019-12-30 00:30 - 2019-10-10 20:29 - 000004264 _____ C:\windows\system32\Tasks\Avast Emergency Update
2019-12-29 21:44 - 2018-09-15 08:33 - 000000000 ___HD C:\windows\ELAMBKUP
2019-12-29 21:44 - 2018-09-15 08:33 - 000000000 ____D C:\windows\AppReadiness
2019-12-29 21:43 - 2019-09-25 11:57 - 000000000 ____D C:\Users\marti\AppData\Local\Packages
2019-12-29 21:28 - 2019-11-13 12:22 - 000000000 ____D C:\Users\marti\AppData\Local\cache
2019-12-29 12:25 - 2019-10-27 21:42 - 000000000 ____D C:\Filmy
2019-12-28 13:18 - 2019-11-22 10:53 - 000000000 ____D C:\Users\marti\AppData\Local\CrashDumps
2019-12-28 13:18 - 2019-09-25 14:50 - 000000000 ____D C:\Users\marti\AppData\Roaming\uTorrent
2019-12-25 17:48 - 2019-10-27 21:43 - 000000000 ____D C:\Škola
2019-12-23 20:44 - 2019-09-25 13:47 - 000000000 ____D C:\Users\marti\AppData\Roaming\dvdcss
2019-12-23 13:20 - 2019-11-17 17:28 - 000000000 ____D C:\Z plochy
2019-12-22 20:48 - 2018-11-27 11:58 - 000683780 _____ C:\windows\system32\perfh005.dat
2019-12-22 20:48 - 2018-11-27 11:58 - 000137462 _____ C:\windows\system32\perfc005.dat
2019-12-22 20:48 - 2018-10-11 07:02 - 001656392 _____ C:\windows\system32\PerfStringBackup.INI
2019-12-22 20:48 - 2018-09-15 08:31 - 000000000 ____D C:\windows\INF
2019-12-22 20:40 - 2018-10-11 06:56 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-12-22 20:39 - 2019-04-14 12:11 - 000065536 _____ C:\windows\psp_storage.bin
2019-12-22 20:39 - 2018-09-15 07:09 - 000786432 _____ C:\windows\system32\config\BBI
2019-12-22 20:38 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-20 13:26 - 2019-09-25 12:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-18 14:53 - 2019-11-02 10:01 - 000000000 ____D C:\Telefon
2019-12-17 21:51 - 2019-10-10 20:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-17 21:51 - 2019-10-10 20:36 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-17 15:00 - 2019-11-07 12:25 - 000000000 ____D C:\Users\marti\AppData\Local\HP_Inc
2019-12-12 12:23 - 2019-09-25 14:11 - 000000000 ____D C:\windows\system32\MRT
2019-12-12 12:18 - 2019-09-25 14:11 - 129221664 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-12-10 23:09 - 2018-10-11 06:56 - 000347232 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-10 23:08 - 2019-09-25 12:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-10 22:54 - 2018-09-15 08:33 - 000000000 ____D C:\windows\ShellExperiences
2019-12-10 22:54 - 2018-09-15 08:33 - 000000000 ____D C:\windows\bcastdvr
2019-12-10 22:24 - 2018-09-15 08:23 - 000000000 ____D C:\windows\CbsTemp
2019-12-04 10:04 - 2019-11-08 22:18 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-01 21:14 - 2019-09-25 12:05 - 000000000 ____D C:\Users\marti\AppData\Local\PlaceholderTileLogoFolder
2019-11-30 16:34 - 2018-09-15 10:10 - 000000000 ____D C:\windows\OCR

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by marti (30-12-2019 18:08:55)
Running from C:\Users\marti\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-09-25 08:35:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2500698708-366820743-63615063-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2500698708-366820743-63615063-503 - Limited - Disabled)
Guest (S-1-5-21-2500698708-366820743-63615063-501 - Limited - Disabled)
marti (S-1-5-21-2500698708-366820743-63615063-1001 - Administrator - Enabled) => C:\Users\marti
WDAGUtilityAccount (S-1-5-21-2500698708-366820743-63615063-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
CzRus QWERTZ Caps 2.1 (HKLM\...\{E1A0C81B-6119-4E37-97E2-9F186F08D54A}) (Version: 1.0.3.40 - Doers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.12.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{35556CCA-F14E-48F3-93F4-E29C4B3DBE30}) (Version: 1.4.485.0 - HP Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2500698708-366820743-63615063-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 cs) (HKLM\...\Mozilla Firefox 71.0 (x64 cs)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.31243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.28.615.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.35.15 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2019-09-25] (Amazon.com)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.2.0_x64__xbfy0k16fey96 [2019-10-04] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2019-04-14] (HP Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2019-04-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.2.0_x64__v10z8vjag6ke6 [2019-11-08] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.38.0_x64__v10z8vjag6ke6 [2019-11-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-16] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.6.539.0_x64__v10z8vjag6ke6 [2019-12-17] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.0.39.0_x64__v10z8vjag6ke6 [2019-09-25] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-25] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-09-25] (CYBERLINKCOM CORP)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-09-25] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2500698708-366820743-63615063-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-09 11:17 - 2019-10-09 11:17 - 000141312 _____ ( ) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\4e821cd4ac0671a7a466d88a3e7df625\Interop.IWshRuntimeLibrary.ni.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-06 10:44 - 2018-07-06 10:44 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-12-11 09:46 - 2019-12-11 09:46 - 000156672 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\e97f4164e9485a34e2edbd2fcb45277e\BRIDGECommon.ni.dll
2019-12-11 09:47 - 2019-12-11 09:47 - 000121344 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\BridgeExtension\9b0c3891cf78de6e4732d22b06e6bb68\BridgeExtension.ni.dll
2019-12-11 09:48 - 2019-12-11 09:48 - 000375296 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\CleanStartController\51d9b06eddcf23fbc6d9cf290142c6cc\CleanStartController.ni.dll
2019-12-11 09:47 - 2019-12-11 09:47 - 000077824 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\NativeInterop\0bccae64575100f70fc110f326ae6cd3\NativeInterop.ni.dll
2019-12-11 09:48 - 2019-12-11 09:48 - 000139776 _____ () [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\d5f9bf0bbf559aca1148451ba10e00ae\RegistrationUtilities.ni.dll
2019-12-11 09:49 - 2019-12-11 09:49 - 000129536 _____ (hardcodet.net) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\18747fea2299bdc8ae28e55a568409b8\Hardcodet.Wpf.TaskbarNotification.ni.dll
2019-09-25 13:09 - 2019-09-25 13:09 - 000015360 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.0.39.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2019-12-11 09:47 - 2019-12-11 09:47 - 000131584 _____ (HP Inc.) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\CommonPortable\1be9f62d0f836b15439bbec293a92c33\CommonPortable.ni.dll
2019-12-11 09:49 - 2019-12-11 09:49 - 001555456 _____ (Mark Heath) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\NAudio\3dc95adbf21e4daf1ccd4deb0377e7e9\NAudio.ni.dll
2019-12-11 09:46 - 2019-12-11 09:46 - 002227200 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\36ee366e2d1f4d3c5ec2060c004152df\Newtonsoft.Json.ni.dll
2019-12-11 09:49 - 2019-12-11 09:49 - 002988032 _____ (Newtonsoft) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\6a7b58f49863d6cc842d5b27181d05af\Newtonsoft.Json.ni.dll
2019-12-11 09:49 - 2019-12-11 09:49 - 000765440 _____ (The Apache Software Foundation) [File not signed] C:\windows\assembly\NativeImages_v4.0.30319_32\log4net\c30933cff5eb9698236de85b8b8de090\log4net.ni.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 05:34 - 2018-11-08 05:34 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2500698708-366820743-63615063-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{134489B1-43A2-4A29-B48B-A3A248941A06}] => (Allow) C:\Users\marti\AppData\Local\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{8BFC9709-7BD2-43CC-BBD2-3B8DCA669F33}C:\users\marti\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\marti\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{C7D27B1A-4826-4B34-AB83-3F5D04ECE9A1}C:\users\marti\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\marti\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A09DC97E-A733-40BE-9C59-9EAF83512B4E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56614862-CAA4-4E3A-B7FD-F23C876FFBED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84B5EA8A-113C-49D6-8C53-38D9060E9DDF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E682C222-9ECE-419B-ACE8-368FEA8EDF04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-12-2019 12:17:25 Windows Update
21-12-2019 11:41:53 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/30/2019 09:31:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.17763.864 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3cec

Čas spuštění: 01d5beeb7136b863

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: 20670333-ca0a-4d4e-8476-36dc344c6158

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (12/30/2019 09:30:43 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/30/2019 09:30:31 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/29/2019 09:43:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SysInfoCap.exe, verze: 1.15.1289.0, časové razítko: 0x5d542659
Název chybujícího modulu: MSVCP140.dll, verze: 14.16.27012.6, časové razítko: 0x5bc12a99
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000192a0
ID chybujícího procesu: 0x798
Čas spuštění chybující aplikace: 0x01d5b8ffb7193981
Cesta k chybující aplikaci: C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
Cesta k chybujícímu modulu: C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\MSVCP140.dll
ID zprávy: f0046198-6cd4-4b7b-8ac4-976fb9b6ea8c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/29/2019 10:43:52 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/28/2019 01:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17763.592, časové razítko: 0xabe94558
Kód výjimky: 0xc000041d
Posun chyby: 0x00005fc7
ID chybujícího procesu: 0x38f4
Čas spuštění chybující aplikace: 0x01d5bd583804f06b
Cesta k chybující aplikaci: C:\Users\marti\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\windows\System32\GDI32.dll
ID zprávy: f98a2f57-156a-4fef-8d3d-d74601f11f12
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/28/2019 09:15:35 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/27/2019 10:05:23 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.UnauthorizedAccessException: Přístup k cestě C:\Windows\Temp\signtool.exe byl odepřen.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus p....


System errors:
=============
Error: (12/30/2019 03:23:51 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-J6M1L6Q5)
Description: Nelze spustit server DCOM: Microsoft.AAD.BrokerPlugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (12/30/2019 03:22:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/30/2019 03:22:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/30/2019 09:30:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/30/2019 09:30:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/30/2019 12:41:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/29/2019 09:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP System Info HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (12/29/2019 09:22:29 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J6M1L6Q5)
Description: Server {355822FC-86F1-4BE8-B5F0-A33736789641} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2019-10-17 09:24:32.962
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

CodeIntegrity:
===================================

Date: 2019-12-29 17:04:34.713
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:34.670
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.470
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.469
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.374
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.374
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-23 19:00:38.373
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-23 19:00:38.324
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.40 11/23/2018
Motherboard: HP 8330
Processor: AMD A6-9220 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 80%
Total physical RAM: 3981.68 MB
Available physical RAM: 771.14 MB
Total Virtual: 7040.09 MB
Available Virtual: 1863.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.53 GB) (Free:306.33 GB) NTFS

\\?\Volume{ce08dfbc-231f-4274-b505-a47ca4ab00c1}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS
\\?\Volume{64e29ad9-7476-4d01-a82d-01a6234bf62a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB125693)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#4 Post by Rudy »

Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP just launch it with a double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#5 Post by Mankind »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2019-12-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-30-2019
# Duration: 00:01:09
# OS: Windows 10 Home
# Cleaned: 30
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7092D299-907D-4353-9BE1-B3ECEC3A6410}
Deleted Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Deleted Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPCleanFLC Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Deleted Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Deleted Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FE1D632-80CB-4D31-89CE-650AFD7DA613}
Deleted Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Deleted Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\marti\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}
Deleted Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Deleted Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4860 octets] - [29/12/2019 21:39:53]
AdwCleaner[S01].txt - [4921 octets] - [30/12/2019 19:25:35]
AdwCleaner[S02].txt - [4982 octets] - [30/12/2019 19:26:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#6 Post by Rudy »

Post new FRST+Addition logs.

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#7 Post by Mankind »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by marti (administrator) on LAPTOP-J6M1L6Q5 (HP HP Laptop 15-bw0xx) (30-12-2019 19:55:37)
Running from C:\Users\marti\Desktop
Loaded Profiles: marti (Available Profiles: marti)
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4532264 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2500698708-366820743-63615063-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A90FE7A-4BE5-425D-9010-70422933069B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3E77D319-A7F7-4831-8225-01762993A54D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [147320 2019-12-17] (HP Inc. -> HP Inc.)
Task: {458E5A2D-B462-4112-AAF1-453676376CF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {493CAC96-E308-4E93-A398-973CC7316865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {4C6BE4C4-8CEC-46E7-B496-2CA1EA59F690} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {88E87872-7F52-4A86-AD60-3DDEFFC09421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {96FD7F83-58FF-43BF-8D09-DD732416B223} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
Task: {A9363F18-2B52-4C93-800B-F903CB664AF3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
Task: {ABA4813F-55E1-426B-89FE-9DAE1AB13C3B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D390F86C-090C-422B-B0D2-021ECB268BA2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{51be57f0-3ea1-4a56-8618-8900989a9c86}: [DhcpNameServer] 147.251.4.33 147.251.6.10
Tcpip\..\Interfaces\{66c17b23-b9ab-4f04-9e88-302858a5ebd5}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2500698708-366820743-63615063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2500698708-366820743-63615063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2500698708-366820743-63615063-1001 -> {6694345E-F007-4971-8F45-32BEE6AD90F7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}

FireFox:
========
FF DefaultProfile: 0piu5vzc.default
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\mwrwct2q.default-release-1-1569420897947 [2019-12-28]
FF Homepage: Mozilla\Firefox\Profiles\mwrwct2q.default-release-1-1569420897947 -> google.com
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\0piu5vzc.default [2019-09-25]
FF ProfilePath: C:\Users\marti\AppData\Roaming\Mozilla\Firefox\Profiles\ljz9emvj.default-release-1573334089114 [2019-12-30]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default [2019-12-29]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-23]
CHR Extension: (Avast Online Security) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\marti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe [507928 2018-11-17] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 HPAppHelperCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\AppHelperCap.exe [447248 2019-08-15] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\NetworkCap.exe [445712 2019-08-15] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe [449808 2019-08-15] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_714bb34a8e64bfef\x64\TouchpointAnalyticsClientService.exe [429008 2019-10-08] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-30] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268128 2018-09-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\windows\RtkBtManServ.exe [740920 2018-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [399400 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-09-28] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [26888 2018-11-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmdag.sys [47412224 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atikmpag.sys [589312 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\drivers\amdpsp.sys [137688 2018-11-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37616 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [204824 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [209552 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [65120 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\windows\System32\drivers\aswElam.sys [16304 2019-10-10] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [276952 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42736 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [161544 2019-11-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110320 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [83792 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [848432 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460448 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [236024 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [316528 2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [107400 2018-11-17] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 HPCustomCapDriver; C:\windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [20936 2019-12-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1139424 2018-09-06] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\windows\System32\drivers\RtkBtfilter.sys [758312 2018-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [434000 2018-09-06] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [11438376 2019-03-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [45096 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\windows\System32\drivers\Smb_driver_Intel.sys [46632 2018-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
U1 aswbdisk; no ImagePath
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-30 19:40 - 2019-12-30 19:40 - 001252420 _____ C:\Users\marti\Desktop\Seznam-autorů-literárních-děl-literárních-žánrů-směrů-a-hnutí-k-DT.pdf
2019-12-30 19:39 - 2019-12-30 19:39 - 000224418 _____ C:\Users\marti\Desktop\svetlit-prehled.pdf
2019-12-30 19:23 - 2019-12-30 19:23 - 008237744 _____ (Malwarebytes) C:\Users\marti\Desktop\AdwCleaner.exe
2019-12-30 19:21 - 2019-12-30 19:21 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-30 19:21 - 2019-12-30 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-30 19:21 - 2019-12-30 19:20 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2019-12-30 19:21 - 2019-12-30 19:20 - 000020936 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2019-12-30 19:20 - 2019-12-30 19:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-30 19:12 - 2019-12-30 19:12 - 001883976 _____ (Malwarebytes) C:\Users\marti\Desktop\MBSetup.exe
2019-12-30 18:08 - 2019-12-30 18:12 - 000036814 _____ C:\Users\marti\Desktop\Addition.txt
2019-12-30 18:05 - 2019-12-30 19:58 - 000019302 _____ C:\Users\marti\Desktop\FRST.txt
2019-12-30 18:04 - 2019-12-30 19:57 - 000000000 ____D C:\FRST
2019-12-30 18:02 - 2019-12-30 18:02 - 002272256 _____ (Farbar) C:\Users\marti\Desktop\FRST64.exe
2019-12-30 16:57 - 2019-12-30 16:57 - 000000000 ____D C:\rsit
2019-12-30 16:57 - 2019-12-30 16:57 - 000000000 ____D C:\Program Files\trend micro
2019-12-30 16:50 - 2019-12-30 16:50 - 001222144 _____ C:\Users\marti\Desktop\RSITx64.exe
2019-12-29 21:38 - 2019-12-30 19:28 - 000000000 ____D C:\AdwCleaner
2019-12-29 21:26 - 2019-12-29 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-25 14:04 - 2019-12-25 14:06 - 000000000 ____D C:\ze stareho mobilu
2019-12-10 22:11 - 2019-12-10 22:11 - 026807296 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 020816384 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 009668408 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 006541712 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 006444032 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 004588544 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 003638272 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-12-10 22:11 - 2019-12-10 22:11 - 002699768 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 002233688 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 002072384 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001702392 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-12-10 22:11 - 2019-12-10 22:11 - 001701888 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001677808 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001668960 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001666440 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001656192 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001473088 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 001465264 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 001201128 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000678672 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2019-12-10 22:11 - 2019-12-10 22:11 - 000595968 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000578560 _____ (Microsoft Corporation) C:\windows\system32\SppExtComObj.Exe
2019-12-10 22:11 - 2019-12-10 22:11 - 000533504 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000508928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Enumeration.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000408736 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000312832 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000180224 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000125440 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2019-12-10 22:11 - 2019-12-10 22:11 - 000098816 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 007886848 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 007645384 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 003576832 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 003387392 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 002707968 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-12-10 22:10 - 2019-12-10 22:10 - 002192384 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 001676288 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 001258296 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 001049400 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000981504 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000901120 _____ (Microsoft Corporation) C:\windows\system32\usocore.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000826880 _____ (Microsoft Corporation) C:\windows\system32\printfilterpipelinesvc.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000793824 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000764928 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000758688 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000603792 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000575488 _____ (Microsoft Corporation) C:\windows\system32\MusNotification.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000505632 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000430592 _____ (Microsoft Corporation) C:\windows\system32\MusNotificationUx.exe
2019-12-10 22:10 - 2019-12-10 22:10 - 000203064 _____ (Microsoft Corporation) C:\windows\system32\tcbloader.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000095544 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\DevQueryBroker.dll
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2019-12-10 22:10 - 2019-12-10 22:10 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2019-12-03 22:31 - 2019-12-10 23:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-30 21:25 - 2019-11-30 21:25 - 000000000 _____ C:\windows\system32\last.dump

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-30 19:41 - 2018-11-27 11:58 - 000683780 _____ C:\windows\system32\perfh005.dat
2019-12-30 19:41 - 2018-11-27 11:58 - 000137462 _____ C:\windows\system32\perfc005.dat
2019-12-30 19:41 - 2018-10-11 07:02 - 001656392 _____ C:\windows\system32\PerfStringBackup.INI
2019-12-30 19:41 - 2018-09-15 08:31 - 000000000 ____D C:\windows\INF
2019-12-30 19:37 - 2019-09-25 12:14 - 000000000 ____D C:\Users\marti\AppData\LocalLow\Mozilla
2019-12-30 19:35 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-30 19:33 - 2018-10-11 06:56 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-12-30 19:32 - 2018-09-15 07:09 - 000786432 _____ C:\windows\system32\config\BBI
2019-12-30 19:31 - 2019-04-14 12:11 - 000065536 _____ C:\windows\psp_storage.bin
2019-12-30 19:29 - 2018-11-27 03:55 - 000000000 ____D C:\ProgramData\HP
2019-12-30 19:28 - 2019-09-25 12:02 - 000000000 ____D C:\Users\marti\AppData\Roaming\Hewlett-Packard
2019-12-30 19:28 - 2018-11-27 03:55 - 000000000 ____D C:\Program Files (x86)\HP
2019-12-30 19:28 - 2018-11-27 03:54 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-12-30 19:28 - 2018-11-27 03:54 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-12-30 19:28 - 2018-11-13 02:32 - 000000000 ___HD C:\hp
2019-12-30 19:21 - 2019-09-25 11:58 - 000000000 ____D C:\Users\marti\AppData\Local\D3DSCache
2019-12-30 19:21 - 2018-09-15 08:33 - 000000000 ___HD C:\windows\ELAMBKUP
2019-12-30 17:49 - 2019-10-12 07:56 - 000000000 ____D C:\XY
2019-12-30 17:48 - 2019-09-25 13:47 - 000000000 ____D C:\Users\marti\AppData\Roaming\vlc
2019-12-30 11:42 - 2018-10-11 06:56 - 000000000 ____D C:\windows\system32\SleepStudy
2019-12-30 00:46 - 2019-11-04 22:07 - 000003194 _____ C:\windows\system32\Tasks\CCleaner Update
2019-12-30 00:46 - 2019-11-04 22:07 - 000002232 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2019-12-30 00:46 - 2019-10-10 20:34 - 000003402 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-30 00:46 - 2019-10-10 20:34 - 000003178 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-30 00:46 - 2019-10-10 20:29 - 000000000 ____D C:\windows\system32\Tasks\Avast Software
2019-12-30 00:46 - 2019-09-25 12:57 - 000003482 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-30 00:46 - 2019-09-25 12:06 - 000002850 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2500698708-366820743-63615063-1001
2019-12-30 00:46 - 2019-04-14 13:18 - 000002844 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2500698708-366820743-63615063-500
2019-12-30 00:46 - 2019-04-14 12:12 - 000002202 _____ C:\windows\system32\Tasks\StartCN
2019-12-30 00:46 - 2019-04-14 12:12 - 000002116 _____ C:\windows\system32\Tasks\StartDVR
2019-12-30 00:30 - 2019-10-10 20:29 - 000004264 _____ C:\windows\system32\Tasks\Avast Emergency Update
2019-12-29 21:44 - 2018-09-15 08:33 - 000000000 ____D C:\windows\AppReadiness
2019-12-29 21:43 - 2019-09-25 11:57 - 000000000 ____D C:\Users\marti\AppData\Local\Packages
2019-12-29 21:28 - 2019-11-13 12:22 - 000000000 ____D C:\Users\marti\AppData\Local\cache
2019-12-29 12:25 - 2019-10-27 21:42 - 000000000 ____D C:\Filmy
2019-12-28 13:18 - 2019-11-22 10:53 - 000000000 ____D C:\Users\marti\AppData\Local\CrashDumps
2019-12-28 13:18 - 2019-09-25 14:50 - 000000000 ____D C:\Users\marti\AppData\Roaming\uTorrent
2019-12-25 17:48 - 2019-10-27 21:43 - 000000000 ____D C:\Škola
2019-12-23 20:44 - 2019-09-25 13:47 - 000000000 ____D C:\Users\marti\AppData\Roaming\dvdcss
2019-12-23 13:20 - 2019-11-17 17:28 - 000000000 ____D C:\Z plochy
2019-12-22 20:38 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-20 13:26 - 2019-09-25 12:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-18 14:53 - 2019-11-02 10:01 - 000000000 ____D C:\Telefon
2019-12-17 21:51 - 2019-10-10 20:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-17 21:51 - 2019-10-10 20:36 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-17 15:00 - 2019-11-07 12:25 - 000000000 ____D C:\Users\marti\AppData\Local\HP_Inc
2019-12-12 12:23 - 2019-09-25 14:11 - 000000000 ____D C:\windows\system32\MRT
2019-12-12 12:18 - 2019-09-25 14:11 - 129221664 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-12-10 23:09 - 2018-10-11 06:56 - 000347232 _____ C:\windows\system32\FNTCACHE.DAT
2019-12-10 23:08 - 2019-09-25 12:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-10 22:54 - 2018-09-15 08:33 - 000000000 ____D C:\windows\ShellExperiences
2019-12-10 22:54 - 2018-09-15 08:33 - 000000000 ____D C:\windows\bcastdvr
2019-12-10 22:24 - 2018-09-15 08:23 - 000000000 ____D C:\windows\CbsTemp
2019-12-04 10:04 - 2019-11-08 22:18 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-01 21:14 - 2019-09-25 12:05 - 000000000 ____D C:\Users\marti\AppData\Local\PlaceholderTileLogoFolder
2019-11-30 16:34 - 2018-09-15 10:10 - 000000000 ____D C:\windows\OCR

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by marti (30-12-2019 20:00:01)
Running from C:\Users\marti\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-09-25 08:35:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2500698708-366820743-63615063-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2500698708-366820743-63615063-503 - Limited - Disabled)
Guest (S-1-5-21-2500698708-366820743-63615063-501 - Limited - Disabled)
marti (S-1-5-21-2500698708-366820743-63615063-1001 - Administrator - Enabled) => C:\Users\marti
WDAGUtilityAccount (S-1-5-21-2500698708-366820743-63615063-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
CzRus QWERTZ Caps 2.1 (HKLM\...\{E1A0C81B-6119-4E37-97E2-9F186F08D54A}) (Version: 1.0.3.40 - Doers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}) (Version: 1.0.154.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{35556CCA-F14E-48F3-93F4-E29C4B3DBE30}) (Version: 1.4.485.0 - HP Inc.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2500698708-366820743-63615063-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 cs) (HKLM\...\Mozilla Firefox 71.0 (x64 cs)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 70.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.31243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.28.615.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8544 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.35.15 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2019-09-25] (Amazon.com)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.2.0_x64__xbfy0k16fey96 [2019-10-04] (Dropbox Inc.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2019-04-14] (HP Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2019-04-14] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.2.0_x64__v10z8vjag6ke6 [2019-11-08] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.38.0_x64__v10z8vjag6ke6 [2019-11-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-16] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.6.539.0_x64__v10z8vjag6ke6 [2019-12-17] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.0.39.0_x64__v10z8vjag6ke6 [2019-09-25] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-09-25] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12228.20364.0_x86__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-09-25] (CYBERLINKCOM CORP)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-09-25] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2500698708-366820743-63615063-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-10] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-06 10:43 - 2018-07-06 10:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-06 10:44 - 2018-07-06 10:44 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 05:34 - 2018-11-08 05:34 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-07-06 10:43 - 2018-07-06 10:43 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-07-06 10:44 - 2018-07-06 10:44 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2500698708-366820743-63615063-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{134489B1-43A2-4A29-B48B-A3A248941A06}] => (Allow) C:\Users\marti\AppData\Local\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{8BFC9709-7BD2-43CC-BBD2-3B8DCA669F33}C:\users\marti\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\marti\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{C7D27B1A-4826-4B34-AB83-3F5D04ECE9A1}C:\users\marti\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\marti\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A09DC97E-A733-40BE-9C59-9EAF83512B4E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56614862-CAA4-4E3A-B7FD-F23C876FFBED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{84B5EA8A-113C-49D6-8C53-38D9060E9DDF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12228.20364.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E682C222-9ECE-419B-ACE8-368FEA8EDF04}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-12-2019 12:17:25 Windows Update
21-12-2019 11:41:53 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/30/2019 07:29:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/30/2019 06:16:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 28.12.2019.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 241c

Čas spuštění: 01d5bf332127f542

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\marti\Desktop\FRST64.exe

ID hlášení: 5d89e558-b286-4830-8c05-852850c38375

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (12/30/2019 09:31:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.17763.864 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3cec

Čas spuštění: 01d5beeb7136b863

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: 20670333-ca0a-4d4e-8476-36dc344c6158

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (12/30/2019 09:30:43 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/30/2019 09:30:31 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/29/2019 09:43:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SysInfoCap.exe, verze: 1.15.1289.0, časové razítko: 0x5d542659
Název chybujícího modulu: MSVCP140.dll, verze: 14.16.27012.6, časové razítko: 0x5bc12a99
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000192a0
ID chybujícího procesu: 0x798
Čas spuštění chybující aplikace: 0x01d5b8ffb7193981
Cesta k chybující aplikaci: C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\SysInfoCap.exe
Cesta k chybujícímu modulu: C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_7898ab4dfb5a2c7b\x64\MSVCP140.dll
ID zprávy: f0046198-6cd4-4b7b-8ac4-976fb9b6ea8c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/29/2019 10:43:52 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.IO.IOException: Proces nemůže přistupovat k souboru C:\Windows\Temp\signtool.exe, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode)
v _HPCommRecovery.Tools.Signtool.ExtractSignTool()
v _HPCommRecovery.Tools.Signtool.Verify(String arg)
v _HPCommRecovery.HPAHAgent.CallAgent()
v _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
v _HPCommRecovery.HPAHLogger.NewSession()
v _HPCommRecovery.HPCommRecove....

Error: (12/28/2019 01:18:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17763.592, časové razítko: 0xabe94558
Kód výjimky: 0xc000041d
Posun chyby: 0x00005fc7
ID chybujícího procesu: 0x38f4
Čas spuštění chybující aplikace: 0x01d5bd583804f06b
Cesta k chybující aplikaci: C:\Users\marti\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\windows\System32\GDI32.dll
ID zprávy: f98a2f57-156a-4fef-8d3d-d74601f11f12
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (12/30/2019 07:42:38 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-J6M1L6Q5)
Description: Server {355822FC-86F1-4BE8-B5F0-A33736789641} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/30/2019 07:41:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime přestala během spouštění reagovat.

Error: (12/30/2019 07:39:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (12/30/2019 07:37:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HP Comm Recovery neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/30/2019 07:37:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (12/30/2019 07:36:07 PM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-J6M1L6Q5)
Description: Nelze spustit server DCOM: Microsoft.AAD.BrokerPlugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (12/30/2019 07:34:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (12/30/2019 07:34:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2019-10-17 09:24:32.962
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

CodeIntegrity:
===================================

Date: 2019-12-29 17:04:34.713
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:34.670
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.470
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.469
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.374
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-29 17:04:31.374
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-23 19:00:38.373
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-23 19:00:38.324
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.40 11/23/2018
Motherboard: HP 8330
Processor: AMD A6-9220 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 83%
Total physical RAM: 3981.68 MB
Available physical RAM: 657.31 MB
Total Virtual: 6157.68 MB
Available Virtual: 1979.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.53 GB) (Free:306.07 GB) NTFS

\\?\Volume{ce08dfbc-231f-4274-b505-a47ca4ab00c1}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS
\\?\Volume{64e29ad9-7476-4d01-a82d-01a6234bf62a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB125693)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; desktop icons clicking through, etc.

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {458E5A2D-B462-4112-AAF1-453676376CF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {493CAC96-E308-4E93-A398-973CC7316865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U1 aswbdisk; no ImagePath
C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{134489B1-43A2-4A29-B48B-A3A248941A06}] => (Allow) C:\Users\marti\AppData\Local\Mozilla Firefox\firefox.exe No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; desktop icons clicking through, etc.

#9 Post by Mankind »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by marti (30-12-2019 21:18:07) Run:1
Running from C:\Users\marti\Desktop
Loaded Profiles: marti (Available Profiles: marti)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {458E5A2D-B462-4112-AAF1-453676376CF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
Task: {493CAC96-E308-4E93-A398-973CC7316865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-10] (Google Inc -> Google Inc.)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U1 aswbdisk; no ImagePath
C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{134489B1-43A2-4A29-B48B-A3A248941A06}] => (Allow) C:\Users\marti\AppData\Local\Mozilla Firefox\firefox.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{458E5A2D-B462-4112-AAF1-453676376CF8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{458E5A2D-B462-4112-AAF1-453676376CF8}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{493CAC96-E308-4E93-A398-973CC7316865}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{493CAC96-E308-4E93-A398-973CC7316865}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
"C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{134489B1-43A2-4A29-B48B-A3A248941A06}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 296567916 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 158033 B
Edge => 1315289 B
Chrome => 12763965 B
Firefox => 1153007826 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1603217 B
systemprofile32 => 1603217 B
LocalService => 1607729 B
NetworkService => 1607729 B
marti => 201613824 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-12-2019 21:25:47)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 21:25:47 ====
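
Added example (not part of the original posts and not FRST's own code): a short Python triage of a Fixlog like the one above. It skips the echoed fixlist and the EmptyTemp byte counts and groups the remaining result lines by outcome, so the entry that was not removed (aswbdisk) stands out. The sample text is a constructed, shortened copy of the log; the bucket names and the function name `triage` are this example's own.

```python
import re

# Constructed sample: a shortened copy of the Fixlog structure shown above.
SAMPLE = r'''fixlist content:
*****************
Start
Task: {458E5A2D-B462-4112-AAF1-453676376CF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
U1 aswbdisk; no ImagePath
End
*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
"C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
Firefox => 1153007826 B
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
'''

# Phrases taken from the log above; the bucket names are this example's own.
PHRASES = [("could not remove", "failed"), ("not found", "absent"),
           ("successfully", "ok")]
SIZE_LINE = re.compile(r"=> \d+ B$")  # EmptyTemp byte counts, not fix results

def triage(fixlog: str) -> dict:
    """Group Fixlog result lines by outcome, ignoring the echoed fixlist."""
    buckets = {"ok": [], "absent": [], "failed": [], "unknown": []}
    in_echo = False
    for line in fixlog.splitlines():
        line = line.strip()
        if set(line) == {"*"}:  # asterisk rows bracket the echoed fixlist
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line or SIZE_LINE.search(line):
            continue
        target, result = line.rsplit(" => ", 1)
        if target.startswith('"') and target.endswith('"'):
            target = target[1:-1]
        outcome = next((name for phrase, name in PHRASES
                        if phrase in result.lower()), "unknown")
        if target not in buckets[outcome]:  # the reboot section repeats failures
            buckets[outcome].append(target)
    return buckets

if __name__ == "__main__":
    for outcome, targets in triage(SAMPLE).items():
        for t in targets:
            print(f"{outcome:8} {t}")
```

Result phrases the example does not recognise land in `unknown` for manual reading rather than being counted as successful.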

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#10 Post by Rudy »

Deleted. Has anything changed?

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#11 Post by Mankind »

Yes, so far it looks like the mouse has stopped. I would maybe wait until tomorrow, because it wasn't acting up all the time... so if it's fine, I'll write here that it's OK, if that's all right? :)

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#12 Post by Rudy »

OK, no problem. :)

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#13 Post by Mankind »

Hello, I'm sorry, but the mouse is still misbehaving. Mainly when I work in Word or in folders with a lot of files, it misclicks, and it acts as if I were clicking the right button, which I'm not doing :/

Rudy
Site Admin
Posts: 118348
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#14 Post by Rudy »

Try swapping the mouse for a different one to see whether the problem recurs. Or try yours in another PC.

Mankind
Visitor
Posts: 285
Registered: 08 Jan 2012 15:33

Re: Misbehaving mouse; icons on the desktop clicking through, etc.

#15 Post by Mankind »

Hello, I finally got hold of a different mouse and it helped. So I guess the other one was somehow misclicking; I'll try it in another computer and see. Thank you very much for your help!

Is any clean-up needed after the programs we worked with, or not?

Locked