Kontrola logu - otevřen soubor z emailu a pak peklo

[Brawler]

Ahojte ...
Prosím o kontrolu logu a případnou pomoc/radu.
Do emailu přišel email o nějakém zaplacení, bla bla, znáte to ... no a rodiče neváhali a "šli platit" ...
Děkuji za pomoc, asi tam bude bubáků až haňba.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by Karel Pres (10-01-2020 13:32:46)
Running from C:\Users\Karel Pres\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-09-11 15:49:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1019974261-2628426475-3769247392-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1019974261-2628426475-3769247392-503 - Limited - Disabled)
Guest (S-1-5-21-1019974261-2628426475-3769247392-501 - Limited - Disabled)
Karel Pres (S-1-5-21-1019974261-2628426475-3769247392-1001 - Administrator - Enabled) => C:\Users\Karel Pres
WDAGUtilityAccount (S-1-5-21-1019974261-2628426475-3769247392-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Allwin (HKLM-x32\...\{F48A1A85-EF19-405A-8A44-D0586DE8869B}) (Version: 4.0.0 - Allwin)
Allwin2D Server (HKLM-x32\...\{A4A06D8D-524D-4C33-B848-97C32F3B57B0}) (Version: 1.1.1 - Allcomp)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.4.0 - philandro Software GmbH)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
BrLauncher (HKLM-x32\...\{474764AE-5A67-4312-ADD3-449798BD96D1}) (Version: 1.1.21.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{EADC5638-E8FC-41E6-9BE1-9E6A77CCE3F8}) (Version: 3.2.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{06A5A956-6D40-4F1B-B7E6-94411BFB846B}) (Version: 1.0.38.1 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{83626DDE-99CD-4FF2-804E-36BE82143315}) (Version: 1.0.14.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{CAFE5834-5440-41B8-8C56-4DD946A1A5E1}) (Version: 4.6.21.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1E89F75C-EF46-406C-9AAC-615B3CCC1D3D}) (Version: 4.3.2.1 - Brother Insutries Ltd.) Hidden
DeviceDetect (HKLM-x32\...\{9C27CE44-0F33-42CC-8A30-4A08369EB7B3}) (Version: 1.3.1.0 - Brother Industries Ltd.) Hidden
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.3 - Gemalto)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
I.CA Diagnostic (HKLM-x32\...\{6969F77F-418C-448B-9CA2-D7304112609E}) (Version: 1.2.8.0 - První certifikační autorita, a.s.) Hidden
I.CA Diagnostic (HKLM-x32\...\I.CA Diagnostic 1.2.8.0) (Version: 1.2.8.0 - První certifikační autorita, a.s.)
I.CA Maintenance (HKLM-x32\...\{29BC7C1E-3AEC-47AB-B820-FC16D759F1B3}) (Version: 1.3.0.0 - První certifikační autorita, a.s.) Hidden
I.CA Maintenance (HKLM-x32\...\I.CA Maintenance 1.3.0.0) (Version: 1.3.0.0 - První certifikační autorita, a.s.)
I.CA PKIServiceHost (HKLM\...\{446955F6-A94B-4293-B646-43A9ADD4D62B}) (Version: 1.2.5.0 - První certifikační autorita, a.s.) Hidden
I.CA PKIServiceHost (HKLM-x32\...\I.CA PKIServiceHost 1.2.5.0) (Version: 1.2.5.0 - První certifikační autorita, a.s.)
I.CA SecureStore 4.5 (HKLM\...\{974DE7F0-8CE5-4269-9395-2E1314A7E8CB}) (Version: 4.5 - První certifikační autorita, a.s.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1824.12.0.1140 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6195 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{3b132227-4567-48a1-9f85-0d0dad4346ee}) (Version: 1.49.213.1 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{0d3983ba-7e6e-4cfe-b7d0-9e8a966f9872}) (Version: 10.1.17661.8081 - Intel(R) Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 cs) (HKLM\...\Mozilla Firefox 71.0 (x64 cs)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
Mozilla Thunderbird 60.9.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.9.1 (x86 cs)) (Version: 60.9.1 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{947DE453-69FD-4CF6-A682-04D1308C79AF}) (Version: 1.2.15.0 - Brother Industries, Ltd.) Hidden
PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{3C17737F-A6C4-4528-9A60-06DD0D4B3A63}) (Version: 1.0.18.1 - Brother Industries Ltd.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8454 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
StatusMonitor (HKLM-x32\...\{624AB804-EE0E-4AD5-AB8F-15BB29C54065}) (Version: 1.22.8.0 - Brother Insutries Ltd.) Hidden
STORMWARE POHODA CZ Premium (HKLM-x32\...\{D2EDD387-F4CF-4A0D-97A9-B202DA43D022}) (Version: 12400.100 - STORMWARE)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.1.3937 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50 - C. Ghisler & Co.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.7.0_x86__kgqvnymyfvs32 [2020-01-09] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.28.8.0_x86__kgqvnymyfvs32 [2020-01-09] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1661.1.0_x86__kgqvnymyfvs32 [2019-12-19] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-06-19] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2019-11-04] (INTEL CORP) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0 [2019-12-17] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk, Inc -> Autodesk)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-01-30 16:00 - 2019-01-30 16:00 - 001106432 _____ ( Prvni certifikacni autorita, a.s.) [File not signed] C:\WINDOWS\system32\SecureStoreCore.dll
2009-02-27 15:38 - 2009-02-27 15:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-12-14 10:38 - 2017-12-14 10:38 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-12-14 10:38 - 2017-12-14 10:38 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-12-14 10:38 - 2017-12-14 10:38 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2017-12-14 10:38 - 2017-12-14 10:38 - 001721344 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2017-11-07 18:55 - 2017-11-07 18:55 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-08-18 10:23 - 2017-08-18 10:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2017-08-18 10:23 - 2017-08-18 10:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2017-11-07 19:04 - 2017-11-07 19:04 - 000090112 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLCze.dll
2017-11-07 18:55 - 2017-11-07 18:55 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2019-05-14 09:45 - 2018-05-02 14:25 - 000091648 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2019-05-14 09:45 - 2005-04-22 12:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-01-30 16:02 - 2019-01-30 16:02 - 000482304 _____ () [File not signed] C:\WINDOWS\system32\SecureStoreCspRes.dll
2019-01-30 11:14 - 2019-01-30 11:14 - 000944128 _____ (Free Software Foundation) [File not signed] C:\WINDOWS\system32\libiconv.dll
2010-10-20 00:03 - 2010-10-20 00:03 - 000225400 _____ (SafeNet, Inc. -> SafeNet, Inc.) [File not signed] C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\MD5CHAP.dll
2014-08-29 08:54 - 2014-08-29 08:54 - 001659904 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\WINDOWS\system32\LIBEAY32_101.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\Software\Classes\.scr: DWGTrueViewScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.capgemini.com -> hxxp://*.capgemini.com
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.capgemini.com -> hxxps://*.capgemini.com
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.csob.cz -> hxxps://*.csob.cz
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.csob.sk -> hxxps://*.csob.sk
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.erasvet.cz -> hxxps://*.erasvet.cz
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.ica.cz -> hxxp://*.ica.cz
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.ica.cz -> hxxps://*.ica.cz
IE trusted site: HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\...\*.postovnisporitelna.cz -> hxxps://*.postovnisporitelna.cz

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\
HKU\S-1-5-21-1019974261-2628426475-3769247392-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B90D1F9A-3EF2-4FAE-B96C-C77D6C356A7C}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc. -> SafeNet, Inc.)
FirewallRules: [{1EC7C69E-3F79-4D37-9BEF-E3FBFCE33530}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc. -> SafeNet, Inc.)
FirewallRules: [{47A78F9C-C2D4-442D-814F-49D50D58B188}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{E808F6FB-D40F-4513-A462-0C2CBB1FFCC7}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{A97F08D2-034E-418C-A0F7-FE2970ABF1DA}] => (Allow) LPort=1433
FirewallRules: [{4BE01636-2F3A-4AF5-87B0-666E6735F486}] => (Allow) LPort=1434
FirewallRules: [{C804E6CC-C2B7-46EF-BFF5-6FAB50BB9DC4}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.ALLWIN2D\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8B1AE57-28E3-47F4-99B1-A8BAF077A6FD}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL12.ALLWIN2D\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AF4F3BB-F9D4-42D8-AF62-4C0BDCA8A65E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{D96D8A61-83E8-43AD-9A45-3F9E013F8886}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{CA699B6B-D8C6-4CE0-AFFE-386C496CC30C}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{BF486D7A-74A1-4D10-A885-F39A88BD3DDF}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{59D8E2EC-222F-49FD-BB80-3475BF30178A}] => (Allow) LPort=54925
FirewallRules: [{972FD694-F581-4052-9845-515411416F77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{51988A00-3E5C-4E3D-A593-42DF009E0300}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6B547999-9D0C-46A9-B713-0C58ADC9BCBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E18BE8D3-58E7-4CBA-93E6-7ECAE471C1A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D1455A0-8BD0-4977-9D23-48DB9AD8B94D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{73282A53-4826-4B9C-B00A-25B6405837B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9FEF028E-C7C8-4792-9B21-674BDB665601}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F7E63734-6B01-4808-B409-3EAC0EF6B756}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B00901A-BA32-4C87-9669-279E7016AAE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D6D3F9A-D1AE-45A9-A58E-9E02C1C501C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.122.633.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B9EFF035-A1C5-4927-BB83-C80ED08045AA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1DADC7D0-1DB8-4FB9-90A1-AB2A51C03DCE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A21A0239-55CF-4826-8C3B-81D860857D87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F4AE3552-55B0-4ED2-B41F-0ACACD42B5F8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8C33E144-2B4D-4CFA-B483-73E8FE81AEE9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{86CD730E-5220-4569-8592-3CD18D5CB135}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{32B83134-F641-4B0B-AD5C-A64CBD41AA08}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{16FF922F-C762-45B7-812B-E6EFB08AB4D3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Restore Points =========================

20-12-2019 10:20:38 Installed STORMWARE POHODA CZ.
27-12-2019 11:59:02 Naplánovaný kontrolní bod
05-01-2020 15:45:19 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/10/2020 01:22:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11920,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/10/2020 01:07:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6852,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/10/2020 12:01:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6056,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (01/10/2020 11:52:36 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2020/01/10 11:52:36.883]: [00010012]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (01/10/2020 11:52:34 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2020/01/10 11:52:34.868]: [00010012]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (01/10/2020 11:52:32 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2020/01/10 11:52:32.852]: [00010012]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (01/10/2020 11:52:05 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2020/01/10 11:52:05.702]: [00010012]: Error GetInkSupplyType Send ( ErrCode == 5 )

Error: (01/10/2020 11:52:03 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: MTDLL BrtMTDLL: [2020/01/10 11:52:03.687]: [00010012]: Error GetInkSupplyType Send ( ErrCode == 5 )


System errors:
=============
Error: (01/10/2020 01:08:41 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL POWER: Zařízení nezná tento příkaz.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 01 00 00 00

Error: (01/10/2020 01:08:41 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL POWER: Zařízení nezná tento příkaz.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 01 00 00 00

Error: (01/10/2020 01:08:41 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL POWER: Čipová karta nereaguje na signál Reset.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 01 00 00 00

Error: (01/10/2020 01:08:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J7EAFMQ)
Description: Server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2020 12:31:24 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL SET_PROTOCOL: Neznámé diskové médium. Možná není naformátováno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 01 00 00 00

Error: (01/06/2020 12:31:24 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL POWER: Časový limit semaforu vypršel.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 00 00 00 00

Error: (01/06/2020 12:31:24 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL TRANSMIT: Časový limit semaforu vypršel.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 00 a4 00 0c

Error: (01/06/2020 12:30:41 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet Gemalto Ezio Shield 0 odmítla signál IOCTL POWER: Čipová karta nereaguje na signál Reset.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: 01 00 00 00


Windows Defender:
===================================
Date: 2020-01-10 13:02:12.079
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Execution.IF!ml
ID: 2147736914
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: file:_C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.307.2098.0, AS: 1.307.2098.0, NIS: 1.307.2098.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-10 13:01:04.149
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Execution.IF!ml
ID: 2147736914
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: file:_C:\ProgramData\ôâ.exe; process:_pid:5868,ProcessStart:132231312405746125
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\ProgramData\ôâ.exe
Verze bezpečnostních informací: AV: 1.307.2098.0, AS: 1.307.2098.0, NIS: 1.307.2098.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-10 13:01:04.039
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Execution.IF!ml
ID: 2147736914
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: file:_C:\ProgramData\ôâ.exe; file:_C:\Users\Karel Pres\AppData\Local\Temp\1204269929x.com; file:_C:\Users\KARELP~1\AppData\Local\Temp\1204269929x.com; process:_pid:5868,ProcessStart:132231312405746125
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-J7EAFMQ\Karel Pres
Název procesu: C:\ProgramData\ôâ.exe
Verze bezpečnostních informací: AV: 1.307.2098.0, AS: 1.307.2098.0, NIS: 1.307.2098.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-10 13:00:55.820
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Execution.IF!ml
ID: 2147736914
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: file:_C:\ProgramData\ôâ.exe; process:_pid:5868,ProcessStart:132231312405746125
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\ProgramData\ôâ.exe
Verze bezpečnostních informací: AV: 1.307.2098.0, AS: 1.307.2098.0, NIS: 1.307.2098.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-10 13:00:52.951
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Execution.IF!ml
ID: 2147736914
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: file:_C:\ProgramData\ôâ.exe; file:_C:\Users\Karel Pres\AppData\Local\Temp\1204269929x.com; file:_C:\Users\KARELP~1\AppData\Local\Temp\1204269929x.com
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-J7EAFMQ\Karel Pres
Název procesu: C:\Windows\SysWOW64\wscript.exe
Verze bezpečnostních informací: AV: 1.307.2098.0, AS: 1.307.2098.0, NIS: 1.307.2098.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.20 07/27/2018
Motherboard: ASRock H310CM-HDV/M.2
Processor: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz
Percentage of memory in use: 39%
Total physical RAM: 7861.97 MB
Available physical RAM: 4776.88 MB
Total Virtual: 10559.64 MB
Available Virtual: 7020.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.53 GB) (Free:359.2 GB) NTFS

\\?\Volume{11feadcb-c451-450b-ac5b-7e5240b825c2}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{b50f459b-cd7d-4448-b7d5-2fd91000641d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by Karel Pres (administrator) on DESKTOP-J7EAFMQ (10-01-2020 13:31:43)
Running from C:\Users\Karel Pres\Desktop
Loaded Profiles: Karel Pres (Available Profiles: Karel Pres)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ICEpower a/s -> ICEpower a/s) C:\Windows\System32\ICEsoundService64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_38bfcb542ef4272e\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_38bfcb542ef4272e\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ALLWIN2D\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(philandro Software GmbH -> ) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(philandro Software GmbH -> ) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SafeNet, Inc. -> SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388936 2018-05-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [I16A] => C:\WINDOWS\twain_32\Brimi16a\Common\TwDsUiLaunch.exe [86112 2018-10-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2975744 2017-12-14] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ICAMaintenance_ICAPKIService_RegKeysRefresh] => C:\Program Files (x86)\I.CA\I.CA Maintenance\ICAMaintenance.exe [272120 2016-10-07] (Prvni certifikacni autorita, a.s. -> I.CA, a.s.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2019-05-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06328F54-A00A-46DE-941C-A430933D2F3B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {355B4EB5-54B4-4EE0-94F9-C7D55634456F} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [815304 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {3E07DC46-08FC-4710-87FC-C8C745D32600} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4D6BC1FE-7C99-4771-9BC3-35698AF33367} - System32\Tasks\Task Gpu health => C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe
Task: {76EAB8BB-18C1-41EC-ADD2-6B076FA63C48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {93AE8630-B009-4EFD-B09A-5499677FD413} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {E45D9005-93D7-4F2C-8715-AAA6D3EB4E27} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAEE7DE0-9E2B-424B-957F-FAC6A58E4EE0} - System32\Tasks\BackupManufacture => C:\Program Files (x86)\Allwin2D\Server\BackupAuto.exe [23552 2013-05-06] (Allcomp) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\BackupManufacture.job => C:\Program Files (x86)\Allwin2D\Server\BackupAuto.exe
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8f4ea97b-4819-45ab-ba7c-45e7c597655b}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: mn0kruzb.default-1560487968837
FF ProfilePath: C:\Users\Karel Pres\AppData\Roaming\Mozilla\Firefox\Profiles\mn0kruzb.default-1560487968837 [2020-01-10]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3025872 2019-11-29] (philandro Software GmbH -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2017-12-14] (Brother Industries, Ltd.) [File not signed]
S3 I.CA Maintenance Service; C:\Program Files (x86)\I.CA\I.CA Maintenance\ICAMaintenance.exe [272120 2016-10-07] (Prvni certifikacni autorita, a.s. -> I.CA, a.s.)
R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [483808 2018-05-30] (ICEpower a/s -> ICEpower a/s)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [760008 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720072 2018-04-12] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 MSSQL$ALLWIN2D; C:\Program Files\Microsoft SQL Server\MSSQL12.ALLWIN2D\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc. -> SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc. -> SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc. -> SafeNet, Inc.)
S4 SQLAgent$ALLWIN2D; C:\Program Files\Microsoft SQL Server\MSSQL12.ALLWIN2D\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrSetupDrv103; C:\Windows\SysWOW64\Drivers\AsrSetupDrv103.sys [34568 2019-05-10] (ASROCK Incorporation -> RW-Everything) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 GemCCID; C:\WINDOWS\System32\drivers\GemCCID.sys [130944 2014-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
R3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc. -> SafeNet, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-10 13:31 - 2020-01-10 13:32 - 000014570 _____ C:\Users\Karel Pres\Desktop\FRST.txt
2020-01-10 13:30 - 2020-01-10 13:31 - 000000000 ____D C:\FRST
2020-01-10 13:30 - 2020-01-10 13:30 - 002573312 _____ (Farbar) C:\Users\Karel Pres\Desktop\FRST64.exe
2020-01-10 13:00 - 2020-01-10 13:00 - 000003618 _____ C:\WINDOWS\system32\Tasks\Task Gpu health
2020-01-10 12:57 - 2020-01-10 12:57 - 000310801 _____ C:\Users\Karel Pres\AppData\Roaming\Gourges.jse
2020-01-10 12:57 - 2020-01-10 12:57 - 000310801 _____ C:\Users\Karel Pres\AppData\Roaming\Gourges.der
2020-01-10 12:49 - 2020-01-10 12:49 - 000444512 _____ C:\Users\Karel Pres\Desktop\PB láhve Olša.pdf
2020-01-06 09:54 - 2020-01-06 09:57 - 076055472 _____ (Microsoft Corporation) C:\Users\Karel Pres\Downloads\accessRDC2007sp3-kb2526310-fullfile-en-us.exe
2020-01-06 09:54 - 2020-01-06 09:56 - 026481656 _____ (Microsoft Corporation) C:\Users\Karel Pres\Downloads\AccessDatabaseEngine.exe
2020-01-03 08:32 - 2020-01-03 08:32 - 000005202 _____ C:\Users\Karel Pres\Downloads\csob-export-pohyby-20200103-08-31.SLK
2020-01-02 12:16 - 2020-01-02 12:16 - 000080057 _____ C:\Users\Karel Pres\Downloads\csob-potvrzeni-o-transakci-20200102-12-16.PDF
2019-12-20 10:28 - 2019-12-20 10:28 - 000002398 _____ C:\Users\Public\Desktop\Ekonomický systém POHODA 2020 Premium.lnk
2019-12-20 10:28 - 2019-12-20 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2019-12-20 10:28 - 2019-12-20 10:28 - 000000000 ____D C:\Program Files (x86)\STORMWARE
2019-12-11 07:52 - 2019-12-11 07:52 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-11 07:52 - 2019-12-11 07:52 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-11 07:52 - 2019-12-11 07:52 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-11 07:52 - 2019-12-11 07:52 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-11 07:52 - 2019-12-11 07:52 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-11 07:52 - 2019-12-11 07:52 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-10 13:30 - 2019-05-13 08:53 - 000000000 ____D C:\Users\Karel Pres\AppData\LocalLow\Mozilla
2020-01-10 13:15 - 2019-05-10 13:06 - 000000000 __SHD C:\Users\Karel Pres\IntelGraphicsProfiles
2020-01-10 12:50 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-10 12:47 - 2019-05-14 09:45 - 000013505 _____ C:\WINDOWS\BRRBCOM.INI
2020-01-10 10:28 - 2019-09-11 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-10 10:08 - 2019-05-16 10:01 - 000000000 ____D C:\Users\Public\Documents\AllwinNET
2020-01-09 21:07 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-09 20:04 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-09 20:00 - 2019-05-16 09:54 - 000000000 ____D C:\ProgramData\Allwin2D
2020-01-06 10:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-06 10:10 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-06 10:06 - 2019-09-11 16:53 - 001835166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-06 10:06 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2020-01-06 10:06 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2020-01-06 09:59 - 2019-09-11 16:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-06 09:59 - 2019-05-14 10:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-01-06 09:59 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-20 10:33 - 2019-05-13 11:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-12 17:44 - 2019-12-06 08:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-12 17:44 - 2019-09-11 16:43 - 000441936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-12 17:44 - 2019-05-13 08:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-12 17:44 - 2019-05-10 12:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-12 17:44 - 2019-05-10 12:46 - 000000000 ___RD C:\Users\Karel Pres\3D Objects
2019-12-12 17:44 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-12 17:44 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-12 17:44 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-11 07:55 - 2019-05-10 13:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-11 07:54 - 2019-05-10 13:14 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 07:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories ========
2020-01-10 12:57 - 2020-01-10 12:57 - 000310801 _____ () C:\Users\Karel Pres\AppData\Roaming\Gourges.der
2020-01-10 12:57 - 2020-01-10 12:57 - 000310801 _____ () C:\Users\Karel Pres\AppData\Roaming\Gourges.jse
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

[JaRon]

ahoj,
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start
C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe
C:\ProgramData\ôâ.exe
C:\Users\Karel Pres\AppData\Local\Temp\1204269929x.com
C:\Users\KARELP~1\AppData\Local\Temp\1204269929x.com
Task: {4D6BC1FE-7C99-4771-9BC3-35698AF33367} - System32\Tasks\Task Gpu health => C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe


EmptyTemp:
Reboot:
End

•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Brawler]

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by Karel Pres (10-01-2020 13:53:21) Run:1
Running from C:\Users\Karel Pres\Desktop
Loaded Profiles: Karel Pres (Available Profiles: Karel Pres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe
C:\ProgramData\ôâ.exe
C:\Users\Karel Pres\AppData\Local\Temp\1204269929x.com
C:\Users\KARELP~1\AppData\Local\Temp\1204269929x.com
Task: {4D6BC1FE-7C99-4771-9BC3-35698AF33367} - System32\Tasks\Task Gpu health => C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe


EmptyTemp:
Reboot:
End
*****************

"C:\Users\Karel Pres\AppData\Roaming\gpuhealth\ôâ.exe" => not found
"C:\ProgramData\ôâ.exe" => not found
"C:\Users\Karel Pres\AppData\Local\Temp\1204269929x.com" => not found
"C:\Users\KARELP~1\AppData\Local\Temp\1204269929x.com" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4D6BC1FE-7C99-4771-9BC3-35698AF33367}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6BC1FE-7C99-4771-9BC3-35698AF33367}" => removed successfully
C:\WINDOWS\System32\Tasks\Task Gpu health => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Task Gpu health" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 738506262 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 1326481 B
Edge => 1276651 B
Chrome => 0 B
Firefox => 1075466347 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 336822 B
Karel Pres => 89372023 B

RecycleBin => 369539 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:55:09 ====

[JaRon]

restart PC - doinstaluj nejaky AV a prescanuj nim PC

[Brawler]

Díky moc, okna už nevyskakují pc jede tak nějak normálně, tak uvidíme, jdu spáchat ten antivir ...

[JaRon]

OKi, aktivny bordel sme odstranili, preventivne prescanovanie s AV neuskodi