Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by user (2016-01-27 10:44:13)
Running from C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-20 09:48:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3191891479-3081992602-3358847149-500 - Administrator - Disabled)
Guest (S-1-5-21-3191891479-3081992602-3358847149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3191891479-3081992602-3358847149-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3191891479-3081992602-3358847149-1004 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-3191891479-3081992602-3358847149-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Disk Director Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CardRecoveryPro 2.5.5 (HKLM-x32\...\{D4F48A8F-8E81-43E0-847F-04318383476F}_is1) (Version: 2.5.5 - LionSea SoftWare)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform)
Counter-Strike 1.6 v42 (HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Counter-Strike 1.6_is1) (Version:  - Valve)
Crysis 2 (HKLM-x32\...\Crysis 2) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Discover Treasure (HKLM-x32\...\Discover Treasure) (Version: 2.0.5840.818 - Discover Treasure) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005F0}) (Version: 7.0.50 - Oracle)
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.0.3370 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version:  - )
Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Czech/čeština (HKLM-x32\...\OMUI.cs-cz) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyProduct (HKLM-x32\...\MyProduct) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431029}) (Version: 7.02.9755 - Nero AG)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
NVIDIA Ovladač 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
Ovládací panel NVIDIA 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
Ovladače videa společnosti Pinnacle (HKLM\...\{5EB90C06-964F-4195-B83E-BD7E55C88415}) (Version: 12.00.0017 - Pinnacle Systems)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.0.0.6163 - Team V.R)
Pinnacle Studio 12 Ultimate Plugins (HKLM-x32\...\{D1860E6E-520E-4380-8433-E58E8F88B473}) (Version: 12.0.0.0 - Pinnacle Systems)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
SilverCrest STMS 2219 A1 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.2 - SilverCrest)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
War Thunder Launcher 1.0.1.403 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.5.0 - Shark007)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x64 Components v3.5.0 (HKLM\...\x64 Components_is1) (Version: 3.5.0 - Shark007)
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_CZ_is1) (Version: 14.0.1.1 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3191891479-3081992602-3358847149-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D5E0AC5-BF84-4CA6-8368-B8D4CB7E5027} - System32\Tasks\{08460F0C-5358-43B7-8E16-6C37CA7F4CA7} => C:\Program Files (x86)\Far Cry 4\bin\FarCry4.exe
Task: {2F23063E-3889-4EED-A9A7-8AC3AD63A602} - System32\Tasks\{01556B8A-1C73-4DCC-B923-C2137E8901B0} => C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2015-12-23] (Microsoft Corporation)
Task: {33AAABAE-1E67-4E6E-AF06-F6472530025C} - System32\Tasks\{2D89C560-7860-48D1-AC6D-C6CE9F96DD09} => pcalua.exe -a "D:\HRY\Assassins creed 2 CZ\Crack + Čeština\1.01 PATCH\assassins_creed_2_1.01_us.exe" -d "D:\HRY\Assassins creed 2 CZ\Crack + Čeština\1.01 PATCH"
Task: {38D6F647-5371-46EE-A7AE-1005EB3EFA3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3A4C189C-4B3A-49E6-B9AF-D4FECF512736} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {51585FE6-F803-461C-ADBF-218ABA9B8912} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {65CCC514-9482-4EBB-9E9B-CA0CEF79FD36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6E999584-B515-41B7-B3C5-2F5FDCDBD1F3} - System32\Tasks\{3AB00A04-20F7-4BC6-92DB-DD954E9011AB} => pcalua.exe -a D:\HRY\Wolfenstein2009\Cestina\WolfensteinBetaCz.exe -d D:\HRY\Wolfenstein2009\Cestina
Task: {A701AB88-6A97-44EC-9FBC-BA462850A5B5} - System32\Tasks\{767E17C6-415A-4273-81BA-1C76F997A441} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.14.0.104/cs/abandoninstall?page=tsProgressBar
Task: {B1F2822B-A76E-41D0-A889-0960365AF38C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {C0A0D157-5FFF-478D-8D3B-95183053D66C} - System32\Tasks\{BA222784-F782-4C1D-B972-4FDB7EA7A580} => pcalua.exe -a "D:\PROGRAMY\Pinnacle\Pinnacle Studio 12\Crack\Pinnacle.pixie.activation.exe" -d "D:\PROGRAMY\Pinnacle\Pinnacle Studio 12\Crack"
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E4D7424B-E51D-48A8-B4E6-349B6D6B7F85} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3191891479-3081992602-3358847149-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\Desktop\Štěpán\Hry\Half-Life 2.lnk -> C:\Program Files (x86)\Half-Life 2\Launcher.exe () -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\Desktop\Štěpán\Hry\War Thunder.lnk -> C:\Program Files (x86)\WarThunder\launcher.exe (Gaijin Entertainment) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\WarThunder\launcher.exe (Gaijin Entertainment) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1451309421&a=1008661&src=sh&uuid=185cfbb2-f9d1-49a9-9ba3-004204315000" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?bbad4e81236ac3ea2381b3fe5d3736ea3353434

==================== Loaded Modules (Whitelisted) ==============

2012-03-22 17:21 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-22 11:32 - 2015-09-06 09:32 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-07 15:17 - 2010-07-07 15:17 - 02156952 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2013-04-19 01:46 - 2013-04-19 01:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-04-19 01:45 - 2013-04-19 01:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-04-19 01:44 - 2013-04-19 01:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-04-19 01:46 - 2013-04-19 01:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2015-12-12 08:59 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 08:59 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 08:59 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 08:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 08:59 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 08:59 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 08:59 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 08:59 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 22:45 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-29 10:14 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 08:50 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-24 14:32 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3191891479-3081992602-3358847149-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 79.127.195.194 - 79.127.192.230
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8ABEC46-43AB-44D9-ABBE-912960822221}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{04F2F48D-F4FC-43C9-BC83-4A680F195E37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{2B890391-267A-4ED5-9905-C69EB7D54B58}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{7FAE78A9-8F24-46D7-B5A9-49081D1B875D}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{44B1A1B6-FDF8-4BAD-95A2-84CFF8D8C2B9}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{27C16B0D-DA18-44FC-AF6E-6F4ABA14D024}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{7AAD0909-B132-4650-AD79-BF4887D0F2C3}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{793B0F3F-395C-4F39-AA8B-B9C4984CF9FF}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{4DC818D3-30E2-4DE9-B4AF-7300EB37592B}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{10DCC4C1-2A1F-4115-AD93-7ECFB515E431}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{BB66F357-DBFE-46D2-889E-F36FCBF5C5DE}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{FD66A429-DAE7-414F-A703-EF0D8D1F8A1C}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{45D3062E-D1AE-44B8-99D7-6C9BB8F67F2C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{804C39D0-FB14-4A1C-9A3D-A91033C1CB11}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{71495030-7B3C-42AF-AAC4-DB7B12A8917E}C:\program files (x86)\assassin's creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassin's creed iii\ac3sp.exe
FirewallRules: [UDP Query User{B93B38AC-CD3C-4D2C-B220-7403273BD77F}C:\program files (x86)\assassin's creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassin's creed iii\ac3sp.exe
FirewallRules: [{28472CA8-603B-4DF7-94A6-92A638640A73}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{69580770-16F2-438C-9A0B-7136F413DB6A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{069E3754-23A6-4A29-8A3C-491D51269E11}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B9AA35FE-7D9C-4330-BC4D-9AFA15ADAD67}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B2B68374-9172-4577-AD45-738EE8A3CDE7}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{E9DD703E-CE29-42F8-8009-E9D3BB03E5C6}D:\hry\world_of_tanks\wotlauncher.exe] => (Allow) D:\hry\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{F9C7F644-C610-45AE-95F8-52015BF7EFCE}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E64E5A10-289F-4F60-9D68-D6F75594CE99}D:\hry\world_of_tanks\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{A098DD48-A773-429D-AFF9-40C7D84A03E9}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{E368BE52-782B-442C-851C-05184CE4C6BA}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{6FD72FC3-98FF-452B-A2CC-C8B00BCBAE3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{33FB66DC-A704-4921-B590-7536311D2630}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7BD7BA4D-733A-4F73-95E3-3C32C3AB14D1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D3C180F7-A2D2-425B-BD1A-14604F234DDA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{9237B382-37DB-4427-BA96-B89C5981FC4A}D:\hry\doom 3\[pc game] doom 3 (extract and play)\doom 3\doom3ded.exe] => (Allow) D:\hry\doom 3\[pc game] doom 3 (extract and play)\doom 3\doom3ded.exe
FirewallRules: [UDP Query User{694EF57F-3EA7-400B-B6FF-7551CBAB7E77}D:\hry\doom 3\[pc game] doom 3 (extract and play)\doom 3\doom3ded.exe] => (Allow) D:\hry\doom 3\[pc game] doom 3 (extract and play)\doom 3\doom3ded.exe
FirewallRules: [{05D66946-33BA-4866-9188-A67981D3822A}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{9C406039-9D18-458D-A006-8FC9C741BBBB}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{61463ACD-A0CD-4E63-80F5-F8C59B563B97}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{B1D2C002-8268-4F63-B61B-5E556DFD892C}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{916553DE-056C-4922-89AE-1153064F9E1C}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{812D1A5E-59E2-437F-B61D-DC1FE711A110}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [TCP Query User{AACF2766-7C06-4E1F-92EE-225E2A861A03}C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{7842E8F2-8077-4DAF-92D2-866376224E52}C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{6B391E3C-6C97-4F07-925E-15B34E6AE898}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{77F1B583-FF18-4564-B881-34AD3B15153D}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{FE5DDD61-AD4C-4175-B338-204ACAF2BB23}C:\counter-strike 1.6\csko.exe] => (Allow) C:\counter-strike 1.6\csko.exe
FirewallRules: [UDP Query User{7BDAF4E0-3E81-42FC-A5FA-7FEBB7B479E2}C:\counter-strike 1.6\csko.exe] => (Allow) C:\counter-strike 1.6\csko.exe
FirewallRules: [TCP Query User{98539091-868C-41B6-9530-0D12C2024EA8}C:\counter-strike 1.6\hl.exe] => (Block) C:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E34FC30E-1796-49C2-A632-3EA5D697745D}C:\counter-strike 1.6\hl.exe] => (Block) C:\counter-strike 1.6\hl.exe
FirewallRules: [{92FE604F-2D6D-419D-B8BC-5CDB6164FFFE}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{CA80BD3C-5E59-45D3-9C05-5A433DA36C77}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [TCP Query User{07F25928-C7F9-41B0-87BE-FCDD7A69558B}D:\hry\counter-strike 1.6\csko.exe] => (Allow) D:\hry\counter-strike 1.6\csko.exe
FirewallRules: [UDP Query User{29041FE2-B187-4020-8EA8-31C530349674}D:\hry\counter-strike 1.6\csko.exe] => (Allow) D:\hry\counter-strike 1.6\csko.exe
FirewallRules: [{E766E57D-32DE-46B4-9BFD-6D64332BC399}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C68D45F5-0A41-497B-96D4-15E6201F9BF3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{55591D4D-15EB-4FD8-A884-204317FB375E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{50805EB0-74D4-41B5-8224-4CB1A8DDFDE5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{F9273F55-C73A-4147-9487-BC242D697F42}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8ECAB50D-3ADB-4BCD-9FAC-345D75ADF53F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{20EC3386-D222-4881-9C96-496263AB0B29}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{78BDAB50-4471-41D0-8D37-85FB550A52DE}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{EAB0509F-AFB4-4CBA-9651-6DE621A89B4A}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe

==================== Restore Points =========================

20-01-2016 17:00:13 Windows Update
20-01-2016 18:15:30 Windows Update
23-01-2016 09:14:02 Windows Update
23-01-2016 13:42:57 Windows Update
23-01-2016 17:00:14 Windows Update
23-01-2016 17:08:56 Windows Update
24-01-2016 09:12:43 Windows Update
24-01-2016 13:35:56 Windows Update
24-01-2016 17:00:17 Windows Update
24-01-2016 21:09:53 Windows Update
25-01-2016 17:00:13 Windows Update
25-01-2016 18:41:59 Windows Update
26-01-2016 19:02:37 Windows Update
26-01-2016 20:46:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 10:37:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 10:06:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (01/27/2016 10:06:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (01/27/2016 10:06:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (01/27/2016 09:52:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.18163, časové razítko: 0x566c4c47
Název chybujícího modulu: nvwgf2um.dll, verze: 9.18.13.1422, časové razítko: 0x51427a06
Kód výjimky: 0xc0000005
Posun chyby: 0x001aeb9e
ID chybujícího procesu: 0x19a4
Čas spuštění chybující aplikace: 0xIEXPLORE.EXE0
Cesta k chybující aplikaci: IEXPLORE.EXE1
Cesta k chybujícímu modulu: IEXPLORE.EXE2
ID zprávy: IEXPLORE.EXE3

Error: (01/27/2016 08:50:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error: (01/27/2016 08:50:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (01/27/2016 08:50:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error: (01/27/2016 08:31:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2016 08:45:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Wow-64.exe verze 6.2.3.20886 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1480

Čas spuštění: 01d158706e33a42e

Čas ukončení: 261

Cesta k aplikaci: D:\HRY\World of Warcraft\Wow-64.exe

ID hlášení:


System errors:
=============
Error: (01/27/2016 10:38:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby: 
%%1069

Error: (01/27/2016 10:38:06 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (01/27/2016 10:36:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (01/27/2016 10:35:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (01/27/2016 10:35:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (01/27/2016 10:25:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR6.

Error: (01/27/2016 10:25:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR6.

Error: (01/27/2016 10:25:56 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR6.

Error: (01/27/2016 08:45:32 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba ServiceLayer je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/27/2016 08:32:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby: 
%%1069


CodeIntegrity:
===================================
  Date: 2015-03-23 17:57:43.304
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 17:57:43.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 17:57:43.226
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 17:57:43.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 17:51:13.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-23 17:51:13.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-23 16:47:04.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-23 16:47:04.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-02 17:27:01.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-02 17:27:01.811
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 38%
Total physical RAM: 4095.05 MB
Available physical RAM: 2507.65 MB
Total Virtual: 8188.32 MB
Available Virtual: 6348.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:188.17 GB) (Free:25.69 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:510.46 GB) (Free:140.9 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.64 GB) (Free:10.51 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: BE24BE24)
Partition 1: (Active) - (Size=188.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=510.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.7 GB) (Disk ID: 9FC09BFE)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================