data.exe

#1 Post by maba345 »

Hello

Data.exe starts in the background on my machine and Issas.exe is loading the CPU.

JRT, Rkill and the Adware tool did not remove it; ComboFix does not work on Win 10.


Logfile of random's system information tool 1.10 (written by random/random)
Run by MaBa at 2017-08-02 10:15:09
Microsoft Windows 10 Home
System drive C: has 18 GB (31%) free of 60 GB
Total RAM: 8090 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:09, on 2. 8. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\Program Files\trend micro\MaBa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://178.18.68.125/Login.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programy\OFFICE~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: (no name) - {c3c77255-42c0-499f-b664-6e981a0b1647} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [XperiaCompanionAgent] "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [lsassws] "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*
O4 - HKCU\..\Run: [OriginWebHelperServicest] "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: lsassws.vbs
O4 - Startup: OriginWebHelperServicest.vbs
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\Programy\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: Avira Browser Safety - {d8f67242-b229-4065-95fa-391b077ed6ca} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://qtinstall.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} (Web Control) - http://xmeye.net/video/web.cab
O18 - Protocol: abs - {E00957BD-D0E1-4EB9-A025-7743FDC8B27B} - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programy\OFFICE~1\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - E:\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9701 bytes

======Listing Processes======








winlogon.exe
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
"fontdrvhost.exe"
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k networkservice -s TermService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k localservice -s nsi
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k netsvcs -s SessionEnv
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
c:\windows\system32\svchost.exe -k netsvcs -s SENS
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localservice -s netprofm
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s NcdAutoSetup
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
"C:\Program Files\KMSpico\Service_KMS.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
"E:\Origin\OriginWebHelperService.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost

dashost.exe {4ceeb0cc-28ee-4c6a-ad636e81c6326476}
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Explorer.EXE
igfxEM.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s WdiSystemHost
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
c:\windows\system32\svchost.exe -k netsvcs -s BITS
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -s W32Time
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --ran-launcher --opener-id="twvv/qKfhtKtaSXUC:\Windows\explorer.exe"
"C:\Program Files\Opera\46.0.2597.57\opera_crashreporter.exe" --ran-launcher --opener-id="twvv/qKfhtKtaSXUC:\Windows\explorer.exe" --crash-reporter-parent-id=1500
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=gpu-process --field-trial-handle=1756 --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,20,21,24,43,76 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x10de --gpu-device-id=0x1380 --gpu-driver-vendor=NVIDIA --gpu-driver-version=22.21.13.8253 --gpu-driver-date=6-7-2017 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x0412 --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --service-request-channel-token=4AD4CE058D3C3F24597756A62F30B51A --mojo-platform-channel-handle=1792 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=renderer --field-trial-handle=1756 --primordial-pipe-token=955A8868E25E27A09E40985543B4CC5D --lang=sk --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=955A8868E25E27A09E40985543B4CC5D --renderer-client-id=3 --mojo-platform-channel-handle=2832 /prefetch:1
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=renderer --field-trial-handle=1756 --primordial-pipe-token=FAF6BCEB9330F403BD1A263A0AEA9D26 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=FAF6BCEB9330F403BD1A263A0AEA9D26 --renderer-client-id=5 --mojo-platform-channel-handle=2960 /prefetch:1
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=renderer --field-trial-handle=1756 --primordial-pipe-token=BC536BF81C000049ECD2F0C2D1FDD375 --lang=sk --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=BC536BF81C000049ECD2F0C2D1FDD375 --renderer-client-id=10 --mojo-platform-channel-handle=5748 /prefetch:1
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=renderer --field-trial-handle=1756 --primordial-pipe-token=9902D8E739749D2F63745F4F591AEE97 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=9902D8E739749D2F63745F4F591AEE97 --renderer-client-id=13 --mojo-platform-channel-handle=6148 /prefetch:1
"C:\Program Files\Opera\46.0.2597.57\opera.exe" --type=renderer --field-trial-handle=1756 --primordial-pipe-token=F690E91B5C3C9C8BB34E2D3D12F7E2D7 --lang=sk --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=on --crash-reporter-pid=10436 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --service-request-channel-token=F690E91B5C3C9C8BB34E2D3D12F7E2D7 --renderer-client-id=18 --mojo-platform-channel-handle=4500 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 692 696 704 8192 700
"C:\WINDOWS\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Test\AppData\Local\Temp\scoped_dir1500_31564\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25 2111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26 435320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\Programy\OFFICE~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25 1637504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26 366200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-03-18 629152]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-11 16781824]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-03-18 629152]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2015-08-26 3113592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-27 5583120]
"XperiaCompanionAgent"=C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2016-05-26 2062208]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-06-13 9803992]
"lsassws"=C:\WINDOWS\System32\WScript.exe [2017-03-18 164352]
"OriginWebHelperServicest"=C:\WINDOWS\System32\WScript.exe [2017-03-18 164352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2017-06-13 9803992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-27 5583120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
E:\Origin\Origin.exe [2017-04-04 3044848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GalaxyClient]
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [2017-06-16 4956736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
E:\Programy\Office 2007\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2016-01-16 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-11 16781824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-05-04 27716568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08 334896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Test\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XperiaCompanionAgent]
C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2016-05-26 2062208]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\qttask.exe [2016-01-16 421888]
"ProductUpdater"=C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe []

C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
lsassws.vbs
OriginWebHelperServicest.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02 65992]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Programy\OFFICE~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1
"LocalAccountTokenFilterPolicy"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-08-02 10:14:29 ----D---- C:\rsit
2017-08-01 21:19:58 ----D---- C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files
2017-08-01 21:19:57 ----D---- C:\Users\Test\AppData\Roaming\lsass local files
2017-07-29 14:20:26 ----D---- C:\Users\Test\AppData\Roaming\Rovio
2017-07-22 20:23:07 ----D---- C:\ProgramData\Dishonored 2
2017-07-22 18:51:37 ----D---- C:\Users\Test\AppData\Roaming\Io Interactive
2017-07-22 12:10:33 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-20 11:04:48 ----D---- C:\Users\Test\AppData\Roaming\Get.Even.Repack
2017-07-08 18:32:22 ----D---- C:\Program Files\Tangentix
2017-07-07 19:54:56 ----D---- C:\ProgramData\Logs
2017-07-07 19:46:11 ----A---- C:\WINDOWS\system32\ISDone.dll
2017-07-07 19:16:25 ----D---- C:\Program Files (x86)\Get Even
2017-07-03 22:36:52 ----D---- C:\Users\Test\AppData\Roaming\NVIDIA
2017-07-03 21:41:02 ----A---- C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-03 21:40:46 ----D---- C:\WINDOWS\LastGood.Tmp
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvptxJitCompiler.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvopencl.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvoglv32.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\NvIFROpenGL.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\NvIFR.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\NvFBC.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvfatbinaryLoader.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvEncodeAPI.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvEncMFTH264.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvDecMFTMjpeg.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvcuvid.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvcuda.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvcompiler.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\SYSWOW64\nvapi.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvopencl.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvoglv64.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvmcumd.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\NvIFR64.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\NvFBC64.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvdispco6438253.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvcuda.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2017-07-03 21:40:05 ----A---- C:\WINDOWS\system32\nvapi64.dll
2017-07-03 21:38:32 ----A---- C:\WINDOWS\system32\nvshext.dll
2017-07-03 21:38:32 ----A---- C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-03 21:38:32 ----A---- C:\WINDOWS\system32\nv3dappshext.dll
2017-07-03 21:38:31 ----A---- C:\WINDOWS\system32\nvsvcr.dll
2017-07-03 21:38:31 ----A---- C:\WINDOWS\system32\nvsvc64.dll
2017-07-03 21:38:31 ----A---- C:\WINDOWS\system32\nvmctray.dll
2017-07-03 21:38:31 ----A---- C:\WINDOWS\system32\nvcpl.dll
2017-07-03 21:38:26 ----A---- C:\WINDOWS\NvContainerRecovery.bat

======List of files/folders modified in the last 1 month======

2017-08-02 10:15:09 ----D---- C:\Program Files\trend micro
2017-08-02 10:15:00 ----D---- C:\Users\Test\AppData\Roaming\Azureus
2017-08-02 10:14:31 ----D---- C:\WINDOWS\Prefetch
2017-08-02 10:11:58 ----D---- C:\WINDOWS\Temp
2017-08-02 09:47:42 ----D---- C:\WINDOWS\System32
2017-08-02 09:47:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-02 09:46:01 ----D---- C:\WINDOWS\system32\SleepStudy
2017-08-02 09:41:43 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-02 09:41:42 ----D---- C:\ProgramData\NVIDIA
2017-08-02 09:41:21 ----D---- C:\WINDOWS\system32\sru
2017-08-02 09:40:03 ----D---- C:\AdwCleaner
2017-08-01 21:35:57 ----D---- C:\WINDOWS\system32\drivers
2017-08-01 21:32:46 ----RD---- C:\Program Files (x86)
2017-08-01 21:32:46 ----D---- C:\Program Files (x86)\Common Files
2017-08-01 21:27:21 ----D---- C:\Windows
2017-08-01 21:27:20 ----RD---- C:\Program Files
2017-08-01 21:27:20 ----HD---- C:\ProgramData
2017-08-01 21:27:20 ----D---- C:\WINDOWS\SchCache
2017-08-01 21:26:42 ----SHDC---- C:\WINDOWS\Installer
2017-08-01 21:26:31 ----D---- C:\WINDOWS\Tasks
2017-08-01 21:26:31 ----D---- C:\WINDOWS\system32\Tasks
2017-08-01 21:22:11 ----D---- C:\WINDOWS\SysWOW64
2017-08-01 21:20:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2017-08-01 17:21:49 ----RD---- C:\WINDOWS\Microsoft.NET
2017-08-01 13:10:42 ----D---- C:\Users\Test\AppData\Roaming\AIMP
2017-07-29 14:24:46 ----D---- C:\Fraps
2017-07-25 17:56:00 ----D---- C:\WINDOWS\INF
2017-07-23 18:04:50 ----AD---- C:\Program Files\Opera
2017-07-22 20:22:31 ----D---- C:\Program Files (x86)\Steam
2017-07-22 19:38:09 ----D---- C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2017-07-18 21:31:30 ----D---- C:\WINDOWS\system32\drivers\UMDF
2017-07-15 13:02:13 ----D---- C:\WINDOWS\system32\Macromed
2017-07-15 13:02:12 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-07-08 20:41:53 ----D---- C:\WINDOWS\Logs
2017-07-08 18:34:39 ----RSD---- C:\WINDOWS\assembly
2017-07-08 18:32:21 ----D---- C:\ProgramData\Package Cache
2017-07-07 19:54:55 ----D---- C:\ProgramData\Temp
2017-07-03 23:34:18 ----D---- C:\WINDOWS\system32\catroot2
2017-07-03 23:34:18 ----D---- C:\WINDOWS\system32\CatRoot
2017-07-03 21:41:02 ----D---- C:\Program Files\NVIDIA Corporation
2017-07-03 21:41:02 ----D---- C:\Program Files (x86)\VulkanRT
2017-07-03 21:41:02 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-07-03 21:40:41 ----D---- C:\WINDOWS\system32\DriverStore
2017-07-03 21:39:44 ----D---- C:\WINDOWS\system32\WDI
2017-07-03 21:38:31 ----D---- C:\WINDOWS\Help
2017-07-03 21:38:22 ----D---- C:\ProgramData\NVIDIA Corporation
2017-07-03 14:42:30 ----D---- C:\Users\Test\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorF;iaStorF; C:\WINDOWS\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-03-18 49568]
R0 KL1;KL1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2015-11-03 478392]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-03-18 54272]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-03-18 8192]
R1 klhk;Kaspersky Lab service driver; C:\WINDOWS\system32\DRIVERS\klhk.sys [2015-11-03 227000]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2017-03-18 14336]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-03-18 50688]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2017-03-18 79872]
R3 dtlitescsibus;@oem90.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-05-02 30352]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-11-02 7966192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2017-01-11 5545472]
R3 IntcDAud;@oem111.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
R3 LHidFilt;@oem66.inf,%LHidFilt.SvcDesc%;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2015-06-18 86672]
R3 LUsbFilt;@oem2.inf,%FltDisplayName%;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2015-06-18 50832]
R3 MEIx64;@oem114.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 NVHDA;@oem121.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2017-05-19 226712]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [2017-06-09 14461344]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2017-03-18 604160]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-03-18 123808]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-03-18 103328]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-03-18 64416]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-03-18 58784]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-03-18 61848]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-03-18 91040]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2017-03-18 36760]
S1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2015-11-03 926072]
S2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2017-03-18 12288]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-03-18 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-03-18 17920]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-03-18 39424]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-03-18 53664]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-03-18 122880]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-03-18 21504]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-03-18 51104]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-03-18 74648]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-03-18 347032]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-03-18 2104224]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-03-18 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-03-18 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-03-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-03-18 85504]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-03-18 165376]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-03-18 168448]
S3 iaStorA;iaStorA; C:\WINDOWS\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-03-18 526240]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-03-18 36864]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-03-18 120320]
S3 klflt;Kaspersky Lab Kernel DLL; C:\WINDOWS\system32\DRIVERS\klflt.sys [2015-11-03 172920]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 73216]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-03-18 405408]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-03-18 51104]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-03-18 842656]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-03-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-03-18 122368]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-03-18 80896]
S3 phantomtap;Phantom TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\phantomtap.sys [2017-05-18 45056]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-03-18 101376]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-03-18 936864]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-03-18 31128]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-03-20 40352]
S3 tap0901;TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\tap0901.sys [2017-02-10 35784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AviraPhantomVPN;Avira Phantom VPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [2017-07-13 322616]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
R2 CDPUserSvc_2e2ec;CDPUserSvc_2e2ec; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-11-02 373744]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-06-08 462968]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-06-08 449984]
R2 OneSyncSvc_2e2ec;OneSyncSvc_2e2ec; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
R2 Origin Web Helper Service;Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2017-04-04 2185232]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2017-06-08 335808]
R2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2015-11-01 740544]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1272592]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-02-10 43696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
R3 PimIndexMaintenanceSvc_2e2ec;PimIndexMaintenanceSvc_2e2ec; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-04-05 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-11-02 301552]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 DevicesFlowUserSvc_2e2ec;DevicesFlowUserSvc_2e2ec; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-03-18 86528]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 EasyAntiCheat;EasyAntiCheat; C:\WINDOWS\syswow64\EasyAntiCheat.exe [2017-07-02 387856]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2017-06-16 513088]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2017-06-16 8077376]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 MessagingService_2e2ec;MessagingService_2e2ec; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Programy\Office 2007\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-03-18 1284608]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-03-18 47664]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2017-03-18 891904]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-07-18 1608480]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2017-03-18 302592]
S4 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-05-25 1364096]
S4 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-05-25 1687680]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2015-07-02 356808]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S4 Origin Client Service;Origin Client Service; E:\Origin\OriginClientService.exe [2017-04-04 2124296]
S4 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2012-09-11 390672]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-03-18 47664]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-05-21 743688]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-06-01 5495056]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15213
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: data.exe

#2 Post by JaRon »

Hi,
search the disk for these files and delete them:
start.vbs
lsassws.vbs
OriginWebHelperServicest.vbs
Restart and post the FRST log.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/

maba345
Visitor
Posts: 99
Registered: 29 Aug 2009 15:05

Re: data.exe

#3 Post by maba345 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by MaBa (administrator) on MABA (02-08-2017 11:21:14)
Running from C:\Users\Test\AppData\Local\Temp\scoped_dir9608_17371
Loaded Profiles: MaBa (Available Profiles: MaBa)
Platform: Windows 10 Home Version 1703 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Electronic Arts) E:\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Opera Software) C:\Program Files\Opera\46.0.2597.57\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2016-01-16] (Apple Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2062208 2016-05-26] (Sony)
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [lsassws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OriginWebHelperServicest] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 178.18.68.16
Tcpip\..\Interfaces\{52bd8411-5b53-438c-bbab-67f4c7a61481}: [DhcpNameServer] 178.18.68.16
Tcpip\..\Interfaces\{a40b5085-19ea-4727-b7a1-41a8529d1781}: [DhcpNameServer] 178.18.68.16

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://178.18.68.125/Login.htm
SearchScopes: HKU\S-1-5-21-1915849256-4225163708-1621856079-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-02] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: No Name -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-02] (Oracle Corporation)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://xmeye.net/video/web.cab
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programy\Office 2007\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: scmh8o33.default
FF ProfilePath: C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\scmh8o33.default [2017-07-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\scmh8o33.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\scmh8o33.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\scmh8o33.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\scmh8o33.default -> www.google.sk
FF Keyword.URL: Mozilla\Firefox\Profiles\scmh8o33.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (No-Javascript Addon) - C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\scmh8o33.default\Extensions\nojavascript@china-cheats.xpi [2016-04-19]
FF Extension: (Adblock Plus) - C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\scmh8o33.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF SearchPlugin: C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\scmh8o33.default\searchplugins\bing-.xml [2016-05-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-23] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-02] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2015-03-25] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2015-03-25] ()
FF Plugin HKU\S-1-5-21-1915849256-4225163708-1621856079-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-24] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

Opera:
=======
OPR StartupUrls: "hxxps://www.youtube.com/watch?v=MDxZmTvpijM","h ... TzB6_tmcAE"
OPR Extension: (Youtube Downloader) - C:\Users\Test\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdpelnicjpejiahnbkdohfjglhmaohcb [2017-01-17]
OPR Extension: (Adblock Plus) - C:\Users\Test\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-13]
OPR Extension: (JavaScript Switcher) - C:\Users\Test\AppData\Roaming\Opera Software\Opera Stable\Extensions\pjljfckmhjnpbcgneijeeiimpkdjccob [2016-07-04]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [387856 2017-07-02] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [513088 2017-06-16] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8077376 2017-06-16] (GOG.com)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; E:\Programy\Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-08] (NVIDIA Corporation)
S4 Origin Client Service; E:\Origin\OriginClientService.exe [2124296 2017-04-04] (Electronic Arts)
R2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2185232 2017-04-04] (Electronic Arts)
S4 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-11-01] (@ByELDI) [File not signed]
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
R0 iaStorF; C:\WINDOWS\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [227000 2015-11-03] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [926072 2015-11-03] (AO Kaspersky Lab)
S3 kvpndev; C:\WINDOWS\System32\DRIVERS\kvpndrv.sys [73216 2008-01-16] (Kerio Technologies Inc.) [File not signed]
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-09] (NVIDIA Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-05-18] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 11:20 - 2017-08-02 11:21 - 000000000 ____D C:\FRST
2017-08-02 11:20 - 2017-08-02 11:20 - 002381312 _____ (Farbar) C:\Users\Test\Desktop\FRST64.exe
2017-08-02 11:16 - 2017-08-02 11:16 - 000006288 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2017-08-02 11:10 - 2017-08-02 11:10 - 000668948 _____ C:\WINDOWS\Minidump\080217-5093-02.dmp
2017-08-02 11:02 - 2017-08-02 11:10 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-02 11:02 - 2017-08-02 11:02 - 000650724 _____ C:\WINDOWS\Minidump\080217-5093-01.dmp
2017-08-02 10:57 - 2017-08-02 11:04 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-02 10:57 - 2017-08-02 10:57 - 002671136 _____ (Kaspersky Lab) C:\Users\Test\Desktop\kss16.0.0.1344en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_ko_id_pt_ar_vi_hi_zh-hant_fa_10837.exe
2017-08-02 10:54 - 2017-08-02 10:55 - 048750920 _____ C:\Users\Test\Desktop\BDPUARLauncher.exe
2017-08-02 10:14 - 2017-08-02 10:14 - 001222144 _____ C:\Users\Test\Desktop\RSITx64.exe
2017-08-02 10:14 - 2017-08-02 10:14 - 000000000 ____D C:\rsit
2017-08-02 09:53 - 2017-08-02 09:53 - 001290704 _____ (GridinSoft LLC) C:\Users\Test\Desktop\antimalware.exe
2017-08-02 09:48 - 2017-08-02 09:48 - 005659660 _____ (Swearware) C:\Users\Test\Desktop\ComboFix.exe
2017-08-01 21:36 - 2017-08-02 09:38 - 000000930 _____ C:\Users\Test\Desktop\JRT.txt
2017-08-01 21:35 - 2017-08-01 21:35 - 001790024 _____ (Malwarebytes) C:\Users\Test\Desktop\JRT.exe
2017-08-01 21:34 - 2017-08-02 09:36 - 000003264 _____ C:\Users\Test\Desktop\Rkill.txt
2017-08-01 21:34 - 2017-08-01 21:34 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Test\Desktop\rkill.exe
2017-08-01 21:31 - 2017-08-01 21:31 - 008185288 _____ (Malwarebytes) C:\Users\Test\Desktop\adwcleaner_7.0.1.0.exe
2017-08-01 21:27 - 2017-08-01 21:27 - 000000290 __RSH C:\Users\Test\ntuser.pol
2017-08-01 21:20 - 2017-08-01 21:20 - 000000290 __RSH C:\ProgramData\ntuser.pol
2017-08-01 21:19 - 2017-08-02 11:15 - 000000000 ____D C:\Users\Test\AppData\Roaming\lsass local files
2017-08-01 21:19 - 2017-08-02 11:14 - 000000000 ____D C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files
2017-08-01 21:19 - 2017-08-01 21:19 - 000000517 _____ C:\Users\Public\Desktop\Car Mechanic Simulator 2018.lnk
2017-08-01 21:19 - 2017-08-01 21:19 - 000000517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Car Mechanic Simulator 2018.lnk
2017-07-29 14:20 - 2017-07-29 14:20 - 000000000 ____D C:\Users\Test\AppData\Roaming\Rovio
2017-07-27 14:04 - 2017-07-27 14:04 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1915849256-4225163708-1621856079-1000
2017-07-22 20:23 - 2017-07-22 20:23 - 000000000 ____D C:\ProgramData\Dishonored 2
2017-07-22 20:20 - 2017-07-22 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored 2
2017-07-22 18:51 - 2017-07-22 18:51 - 000000000 ____D C:\Users\Test\AppData\Roaming\Io Interactive
2017-07-22 12:10 - 2017-07-22 12:10 - 000410208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-20 11:16 - 2017-07-20 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetEven
2017-07-20 11:04 - 2017-07-21 12:55 - 000000000 ____D C:\Users\Test\AppData\Roaming\Get.Even.Repack
2017-07-14 21:02 - 2017-07-14 21:50 - 000000000 ____D C:\Users\Test\Documents\Bayonetta
2017-07-14 20:54 - 2017-07-14 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bayonetta
2017-07-08 18:32 - 2017-07-08 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSessions
2017-07-08 18:32 - 2017-07-08 18:32 - 000000000 ____D C:\Program Files\Tangentix
2017-07-07 19:46 - 2016-12-03 22:12 - 000456704 _____ (FragSoft) C:\WINDOWS\system32\ISDone.dll
2017-07-07 19:44 - 2017-07-07 19:44 - 000000000 ____D C:\Users\Test\Downloads\ISDone.dll
2017-07-07 19:16 - 2017-07-07 19:16 - 000000000 ____D C:\Program Files (x86)\Get Even
2017-07-06 14:01 - 2017-07-06 14:01 - 000000000 ____D C:\Users\Test\Downloads\macgyver-2016-S01E16-hdtv-By-katehrine
2017-07-03 22:36 - 2017-07-23 15:15 - 000000000 ____D C:\Users\Test\AppData\Roaming\NVIDIA
2017-07-03 21:41 - 2017-07-03 21:41 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 21:41 - 2017-07-03 21:41 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 21:41 - 2017-07-03 21:41 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 21:41 - 2017-07-03 21:41 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 21:41 - 2017-07-03 21:41 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-03 21:41 - 2017-06-08 03:45 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-03 21:40 - 2017-07-03 21:40 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-07-03 21:40 - 2017-06-08 03:45 - 040201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 035390584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 035281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 028624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 011056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 011028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 010551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 009248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 009014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 008808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 004115112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 003796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 003625992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 003256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 001606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 001278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 001056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-03 21:40 - 2017-06-08 03:45 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-07-03 21:38 - 2017-06-08 02:01 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-03 21:38 - 2017-06-08 01:55 - 006467008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 002479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-03 21:38 - 2017-06-08 01:55 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-03 21:38 - 2017-06-07 14:42 - 008075477 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-03 14:44 - 2017-07-03 14:44 - 000026529 _____ C:\Users\Test\Downloads\macgyver-2016-S01E16-hdtv-By-katehrine.zip
2017-07-03 14:43 - 2017-07-03 14:54 - 352248491 _____ C:\Users\Test\Downloads\macgyver.2016.s01e16.hdtv-Nicole.mkv
2017-07-03 13:42 - 2017-07-03 13:42 - 000024096 _____ C:\Users\Test\Downloads\macgyver-2016-S01E15-hdtv-By-katehrine.zip
2017-07-03 13:42 - 2017-07-03 13:42 - 000000000 ____D C:\Users\Test\Downloads\macgyver-2016-S01E15-hdtv-By-katehrine
2017-07-03 13:38 - 2017-07-03 13:45 - 285690940 _____ C:\Users\Test\Downloads\MacGyver.2016.S01E15.HDTV.x264-LOL.mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-02 11:21 - 2017-06-29 16:54 - 000004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4AB96BB4-3865-4690-801D-1C6F7B2D7A19}
2017-08-02 11:19 - 2017-06-29 16:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-02 11:19 - 2017-06-29 16:51 - 000000000 ____D C:\Users\Test
2017-08-02 11:19 - 2017-06-29 16:50 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-02 11:19 - 2017-06-29 16:50 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-02 11:19 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-02 11:16 - 2016-07-27 12:36 - 006438872 _____ C:\WINDOWS\system32\perfh01B.dat
2017-08-02 11:16 - 2016-07-27 12:36 - 001992316 _____ C:\WINDOWS\system32\perfc01B.dat
2017-08-02 11:08 - 2017-06-29 16:58 - 001733298 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-02 11:02 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-02 10:15 - 2016-04-28 21:56 - 000000000 ____D C:\Program Files\trend micro
2017-08-02 10:15 - 2015-10-21 18:27 - 000000000 ____D C:\Users\Test\AppData\Roaming\Azureus
2017-08-02 10:09 - 2015-05-04 17:28 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-02 09:46 - 2017-06-29 16:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-02 09:40 - 2016-10-26 22:48 - 000000000 ____D C:\AdwCleaner
2017-08-01 21:27 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SchCache
2017-08-01 21:27 - 2015-08-21 19:37 - 000000000 ____D C:\Users\Test\AppData\Local\CrashDumps
2017-08-01 21:20 - 2009-07-14 05:20 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-08-01 13:10 - 2016-05-17 20:41 - 000000000 ____D C:\Users\Test\AppData\Roaming\AIMP
2017-07-29 23:09 - 2016-12-24 20:56 - 000780328 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-07-29 23:07 - 2015-05-14 18:34 - 000000000 ____D C:\Users\Test\AppData\Local\Ubisoft Game Launcher
2017-07-29 14:24 - 2016-08-13 20:28 - 000000000 ____D C:\Fraps
2017-07-27 14:04 - 2017-03-14 19:51 - 000002368 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 14:04 - 2017-03-14 19:51 - 000000000 ___RD C:\Users\Test\OneDrive
2017-07-25 17:56 - 2016-09-18 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-23 18:04 - 2017-03-16 20:06 - 000000000 ____D C:\Program Files\Opera
2017-07-22 21:02 - 2015-08-19 16:16 - 000000000 ____D C:\Users\Test\Desktop\Hry
2017-07-22 20:22 - 2015-07-25 15:11 - 000000000 ____D C:\Program Files (x86)\Steam
2017-07-22 19:38 - 2015-05-02 19:52 - 000000000 ____D C:\Users\Test\AppData\Roaming\DAEMON Tools Lite
2017-07-20 21:20 - 2017-06-29 16:54 - 000003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1489687659
2017-07-20 20:24 - 2016-03-21 13:53 - 000000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-20 11:37 - 2015-05-02 20:40 - 000000000 ____D C:\Users\Test\Documents\My Games
2017-07-15 13:02 - 2017-06-29 16:54 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-15 13:02 - 2017-06-29 16:54 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-07-15 13:02 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-15 13:02 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-08 18:32 - 2015-09-09 17:41 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-07 19:54 - 2015-10-15 12:10 - 000000000 ____D C:\ProgramData\Temp
2017-07-04 10:46 - 2016-07-30 22:16 - 000000000 ____D C:\Users\Test\AppData\Local\NVIDIA Corporation
2017-07-03 21:41 - 2017-06-29 16:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-03 21:41 - 2017-06-29 16:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-03 21:41 - 2016-03-18 19:11 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-03 21:38 - 2017-06-29 16:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-03 21:38 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Help
2017-07-03 14:42 - 2015-05-15 18:04 - 000000000 ____D C:\Users\Test\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2016-05-01 13:37 - 2016-05-01 13:37 - 000005120 _____ () C:\Users\Test\AppData\Roaming\GiftBag.db
2015-05-21 21:12 - 2015-05-21 21:12 - 000033193 _____ () C:\Users\Test\AppData\Roaming\UserTile.png
2015-04-30 14:09 - 2016-07-27 15:33 - 000007600 _____ () C:\Users\Test\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Test\TWD_A_New_Frontier_ep1_ep2_CZ.exe


Some files in TEMP:
====================
2017-07-26 16:09 - 2017-08-02 10:15 - 000035680 _____ () C:\Users\Test\AppData\Local\Temp\i4jdel0.exe
2017-08-02 10:57 - 2017-08-02 11:03 - 002422304 _____ (Kaspersky Lab) C:\Users\Test\AppData\Local\Temp\kis_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-26 19:39

==================== End of FRST.txt ============================

maba345
Visitor
Posts: 99
Registered: 29 Aug 2009 15:05

Re: data.exe

#4 Post by maba345 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by MaBa (02-08-2017 11:21:34)
Running from C:\Users\Test\AppData\Local\Temp\scoped_dir9608_17371
Windows 10 Home Version 1703 (X64) (2017-06-29 14:58:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1915849256-4225163708-1621856079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1915849256-4225163708-1621856079-503 - Limited - Disabled)
Guest (S-1-5-21-1915849256-4225163708-1621856079-501 - Limited - Disabled)
MaBa (S-1-5-21-1915849256-4225163708-1621856079-1000 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1895, 07.05.2017 - AIMP DevTeam)
American Truck Simulator - Arizona (HKLM-x32\...\American Truck Simulator - Arizona_is1) (Version: - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.40 - Ashampoo GmbH & Co. KG)
Assassins Creed - Unity (HKLM-x32\...\{9L5KR86L-0F3I-4HJ7-HKY5-DRTL4V36QG2X}_is1) (Version: 1.1.0.0 - Ubisoft)
Assassins Creed Syndicate (HKLM-x32\...\Assassins Creed Syndicate_is1) (Version: - )
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.6.321 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bayonetta (HKLM-x32\...\Bayonetta_is1) (Version: - )
Car Mechanic Simulator 2018 (HKLM\...\Y2FybWVjaGFuaWNzaW11bGF0b3IyMDE4_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Claw (HKLM-x32\...\{328B1011-42CE-4D10-A4DF-78CC7A883657}) (Version: - )
CyberLink PowerDirector 11 (HKLM\...\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2516 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2516 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DiRT 4 (HKLM\...\ZGlydDQ_is1) (Version: 1 - )
Dishonored 2 (HKLM\...\Dishonored 2_is1) (Version: 1.0 - )
Duke Nukem 3D Twentieth Anniversary World Tour (HKLM-x32\...\Duke Nukem 3D Twentieth Anniversary World Tour_is1) (Version: - )
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version: - Ubisoft)
Fighting Force (HKLM-x32\...\Fighting Force) (Version: - )
FlatOut UC (HKLM-x32\...\FlatOut: UC_is1) (Version: 1.0 - TopQer, s.r.o.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
GameSessions Data Delivery x64 (HKLM\...\{6AC64924-363E-4CBD-BAD6-1CA9B6C1A4D4}) (Version: 1.28.455.0 - Tangentix Ltd)
GameSessions Runtime x64 (HKLM\...\{65DF8FB2-E3A4-4D88-9500-50B1013CFA9E}) (Version: 1.28.445.0 - Tangentix Ltd)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Get Even Setup 0.0.0.0 (HKLM-x32\...\Get Even Setup 0.0.0.0) (Version: 0.0.0.0 - Get Even)
Get.Even.Repack version 1.0 (HKLM-x32\...\{7C94C59C-CBC7-4AEF-9DF5-303724C49730}}_is1) (Version: 1.0 - Ali213.net)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HeavyLoad V3.3 (HKLM-x32\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
Her Story version 1.0.0 (HKLM-x32\...\Her Story_is1) (Version: 1.0.0 - Thomas Darkey)
Hitman GO Definitive Edition (HKLM-x32\...\Hitman GO Definitive Edition_is1) (Version: - )
HITMAN™ Free Trial (HKLM\...\Steam App 649780) (Version: - Io-Interactive)
Inside (HKLM-x32\...\{9BD4503F-F711-491D-984A-AB4ABD66B8C2}_is1) (Version: - Playdead)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Just Cause 3 (HKLM\...\Steam App 225540) (Version: - Avalanche Studios)
Kerio VPN Client (HKLM\...\{756AFA87-1E06-4A15-A619-0C6A97731C42}) (Version: 6.4.3672 - Kerio Technologies)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life Is Strange Episode 2 (HKLM-x32\...\Life Is Strange Episode 2_is1) (Version: - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Lost Heaven Multiplayer version 1.0.6 (HKLM-x32\...\{518FE6AC-3097-4D96-88EB-D971A2AA30FF}_is1) (Version: 1.0.6 - Lost Heaven Multiplayer)
Malwarebytes Anti-Malware verzia 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Memento Mori 2 verze 1.0 (HKLM-x32\...\{BF0EEF44-B4B6-4AC5-9FDF-A483E8DECB89}_is1) (Version: 1.0 - )
Memoranda (HKLM-x32\...\1675237416_is1) (Version: 2.0.0.2 - GOG.com)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
NFS3 (HKLM\...\{11044f6c-2fe5-4579-984e-0a487511cfdc}.sdb) (Version: - )
nGlide 1.05 (HKLM-x32\...\nGlide) (Version: 1.05 - Zeus Software)
NHL 2001 (HKLM-x32\...\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}) (Version: - )
NVIDIA Grafický ovládač 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.6.33873 - Electronic Arts, Inc.)
OverDisk (remove only) (HKLM-x32\...\OverDisk) (Version: - )
Ovládací panel NVIDIA 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.53 - NVIDIA Corporation) Hidden
Perception (HKLM-x32\...\Perception_is1) (Version: - )
Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version: - Ubisoft)
Project CARS (HKLM-x32\...\Project CARS_is1) (Version: 1.0.1.1 - Релиз от R.G. Steamgames)
Quantum Break (HKLM-x32\...\Quantum Break_is1) (Version: - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Redout (HKLM-x32\...\Redout_is1) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RiME (HKLM-x32\...\RiME_is1) (Version: - )
Rocket League (HKLM-x32\...\Rocket League_is1) (Version: - Psyonix)
RollerCoaster Tycoon World (HKLM\...\cm9sbGVyY29hc3RlcnR5Y29vbndvcmxk_is1) (Version: 1 - )
Ryse Son Of Rome - GameSessions Edition (HKLM-x32\...\{bc14eb38-47a0-480a-b4ee-5da0c1408a8e}) (Version: 2.2.6395.20382 - GameSessions)
Ryse Son Of Rome (HKLM\...\{D31CA71E-679A-420A-9FF4-FA833616BD13}) (Version: 2.2.0.0 - GameSessions) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Sebastien Loeb Rally EVO (HKLM-x32\...\Sebastien Loeb Rally EVO_is1) (Version: - )
Shadow Tactics - Blades of the Shogun (HKLM-x32\...\1601442230_is1) (Version: 2.0.0.3 - GOG.com)
Sherlock Holmes - The Devil's Daughter (HKLM-x32\...\{958958D4-484A-4C90-9AB4-88977BE9EBED}_is1) (Version: - Frogwares)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia 3 (HKLM\...\Steam App 464340) (Version: - Microids)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Turing Test (HKLM-x32\...\The Turing Test_is1) (Version: - )
The Walking Dead A New Frontier Episode 1 (HKLM-x32\...\The Walking Dead A New Frontier Episode 1_is1) (Version: - )
The Walking Dead: A New Frontier (HKLM-x32\...\The Walking Dead: A New Frontier) (Version: - )
The Witness (HKLM\...\dGhld2l0bmVzcw_is1) (Version: 1 - )
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version: - Ubisoft)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 beta 6 - Ghisler Software GmbH)
TuneUp Utilities Language Pack (en-GB) (HKLM-x32\...\{F3ED01FE-B62F-4CA4-BACA-822369BC0FB7}) (Version: 13.0.4000.180 - TuneUp Software) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unravel™ (HKLM-x32\...\{5105E605-9EE7-4050-9CC0-005093BBF89A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
Watch_Dogs verze 1.0 (HKLM-x32\...\{F6BB478F-E417-4306-B198-9852146C9D35}_is1) (Version: 1.0 - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{87971D31-1246-4141-8424-6ECC64D96E1D}) (Version: 1.2.8.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
ZoneAlarm Antivirus (HKLM-x32\...\{4818D335-B3C0-4CE7-89EF-1380A3A549A3}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_CZ_is1) (Version: 18.0.1.1 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-06-21] (AIMP DevTeam)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2015-04-24] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-06-21] (AIMP DevTeam)
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-06-08] (NVIDIA Corporation)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-08-09] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => E:\Programy\Office 2007\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05C36DF5-2BA8-44F6-BCEA-A08CEF487D3C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0AD5EC16-81BA-4029-BFA3-1C0E197E795E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-08] (NVIDIA Corporation)
Task: {0B6BCBBA-AE44-463C-8B64-13227FEC3281} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {0D9A1E0A-EA1D-45D6-8092-9287304512E2} - System32\Tasks\Opera scheduled Autoupdate 1489687659 => C:\Program Files\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {0EEFA165-F55B-49BD-9368-31FE71A1E387} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10CA55A7-5CDA-4B30-AD72-7CF24A89EB91} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {19D81503-08E7-4E64-ADE4-0DE7FFCA1146} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {29320118-5FA8-41AC-86F0-2DFC3E962454} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E770331-CB79-4D3C-AD36-59FF4ECA0E11} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-08] (NVIDIA Corporation)
Task: {3DE60EA4-ADB6-47B6-9924-F05B2CB48DCD} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42B90820-458C-4B91-B87D-E4D0701EB5ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B5967A7-F478-4087-9FE4-7D17551DC85B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-08] (NVIDIA Corporation)
Task: {4E6CBDEB-6581-46F1-A89E-9714E711ED4A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-11-01] (@ByELDI)
Task: {546114F7-8CC5-48B8-A85D-8E64229B26DF} - System32\Tasks\Windows Start Menu => C:\ProgramData\197661\sysmon.exe
Task: {54A13636-8C4D-4AE6-816E-629D786FD91B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {59364AFF-B718-4AD3-A7E9-9DFFBC1C9435} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6C52C8D0-8CD7-4F4F-9526-5E383A3E05B0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6D1F3007-F7DC-4E0F-89BE-32704B295057} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {7A72B271-C267-4F87-83C8-62DECB1CB39C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7B5993D0-4CB2-45C4-ABA0-17ADABCC19EA} - System32\Tasks\S-1-5-21-1915849256-4225163708-1621856079-1000\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {7D8B2D1B-0D56-458A-932D-43186ABCDCCC} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8177381A-85A7-4338-A272-F866400AF0FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83849B9B-D9B0-48AD-918C-1A4452C2516A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87483042-7CFA-4B7A-99CF-0033C65756C7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {878DF409-A7AC-4942-90B8-4CFB50B9C3B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D9AF650-3A2F-44C2-BF5C-51BDF365BDE4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {955312B6-DAC9-43DE-B285-E70C144D1C0F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A13EE90B-AE31-4BCB-857C-E5D5F9182969} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {A358A2FA-80CC-43F3-97A6-041BE8ECD1DB} - System32\Tasks\{F704D951-B487-441F-B0D0-9D9E46DB10C8} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/sk/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {B46E7EBE-B299-43A8-9BEC-72D9FB7E630C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD127AA6-D5F9-4329-89FD-79DFF4353599} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-08] (NVIDIA Corporation)
Task: {C156F996-A4D9-41BD-ACB6-25C2B847948B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1F8827B-B6A1-48AF-A48A-D364CAF27DBE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEDE1CC0-9A4E-4D8C-9DF0-0BCBFF27B7FA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E34B2610-8D42-4ACA-A9A8-B30D8D6BE668} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-08] (NVIDIA Corporation)
Task: {F114494B-7F85-416A-8155-DDC48EF4DDCB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk -> C:\Program Files (x86)\NetSurveillance\CMS\reg.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:10 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-20 06:11 - 2017-03-20 06:11 - 002561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-03-20 06:11 - 2017-03-20 06:11 - 000138752 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-03-20 06:10 - 2017-03-20 06:10 - 000071680 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-20 06:10 - 2017-03-20 06:10 - 000176640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-20 06:10 - 2017-03-20 06:10 - 035234304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-20 21:20 - 2017-07-20 21:20 - 089013336 _____ () C:\Program Files\Opera\46.0.2597.57\opera_browser.dll
2017-07-20 21:20 - 2017-07-20 21:20 - 003930712 _____ () C:\Program Files\Opera\46.0.2597.57\libglesv2.dll
2017-07-20 21:20 - 2017-07-20 21:20 - 000100440 _____ () C:\Program Files\Opera\46.0.2597.57\libegl.dll
2016-09-14 12:02 - 2017-04-04 15:14 - 002493440 _____ () E:\Origin\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-18 21:37 - 2017-07-07 20:03 - 000000289 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 systweak.com
127.0.0.1 updateservice1.systweak.com
127.0.0.1 www.systweak.com
127.0.0.1 systemspeedup.systweak.com
127.0.0.1 systweak.com/STCheckGenuineness

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 178.18.68.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Remotr Service => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "E:\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: GrooveMonitor => "E:\Programy\Office 2007\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Test\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\StartupApproved\Run: => "XperiaCompanionAgent"
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F6B77D26-8642-4EC7-BFFD-0A09D316BB8C}E:\hry\rime\sirengame\binaries\win64\rime.exe] => (Allow) E:\hry\rime\sirengame\binaries\win64\rime.exe
FirewallRules: [TCP Query User{6B311E6C-A033-415A-9CC0-98CB886D7E02}E:\hry\rime\sirengame\binaries\win64\rime.exe] => (Allow) E:\hry\rime\sirengame\binaries\win64\rime.exe
FirewallRules: [{FB7FA595-1D1A-486A-A5F6-465FCD71326F}] => (Allow) E:\SteamLibrary\steamapps\common\Syberia3\Syberia3.exe
FirewallRules: [{1A990A26-E4D4-45F5-BDD3-9FDA728934FE}] => (Allow) E:\SteamLibrary\steamapps\common\Syberia3\Syberia3.exe
FirewallRules: [{CAED670B-6BCD-42A2-B32E-3FE03C178D49}] => (Allow) E:\Stiahnute\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{307DDFDF-D12E-4C5D-BC57-E3E66749990C}] => (Allow) E:\Stiahnute\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [UDP Query User{10807B08-C5FD-4D0B-955E-D34AF099348E}F:\zaloha\hry\mortal kombat komplete edition\mkke.exe] => (Allow) F:\zaloha\hry\mortal kombat komplete edition\mkke.exe
FirewallRules: [TCP Query User{D769764E-1220-4F1A-9410-FE23FE52DFC8}F:\zaloha\hry\mortal kombat komplete edition\mkke.exe] => (Allow) F:\zaloha\hry\mortal kombat komplete edition\mkke.exe
FirewallRules: [{E9EE1E46-7DD2-4140-BDCF-50C63AC57C91}] => (Allow) E:\Stiahnute\Rayman Origins\Rayman Origins.exe
FirewallRules: [{98A67BB3-56C2-4231-A6BF-9EAF1075DCCE}] => (Allow) E:\Stiahnute\Rayman Origins\Rayman Origins.exe
FirewallRules: [{D609655F-B92D-4835-9565-89F43B3B85A0}] => (Allow) E:\Stiahnute\Rayman Origins\gu.exe
FirewallRules: [{A696DEEC-639C-48DB-9C9B-9118EDFFE650}] => (Allow) E:\Stiahnute\Rayman Origins\gu.exe
FirewallRules: [{96157419-BBB0-40CC-8F44-48060BC5DD86}] => (Allow) C:\Program Files (x86)\INSIDE\Steam\bin\steamwebhelper.exe
FirewallRules: [{60BAA0E2-161E-40BB-B7ED-5960A548343A}] => (Allow) C:\Program Files (x86)\INSIDE\Steam\bin\steamwebhelper.exe
FirewallRules: [{620BAC1F-5E3C-4B78-8381-DD349D98FF18}] => (Allow) C:\Program Files (x86)\INSIDE\Steam\Steam.exe
FirewallRules: [{5DCAC10F-1CB9-4A0F-9144-A3F1C528F2EF}] => (Allow) C:\Program Files (x86)\INSIDE\Steam\Steam.exe
FirewallRules: [{F039601F-9978-4A17-AC29-56D48CE05973}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{579ED767-F618-4945-9AE8-22C8C7E5977E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8118ED3A-FAC0-4282-976D-FF47AF06FE5B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B42B73BC-BC55-451B-ACA9-D9BA05E86406}] => (Allow) E:\Programy\Office 2007\Office12\outlook.exe
FirewallRules: [{19A9E6B3-0AE5-4C1F-8980-CADCF6D8838A}] => (Allow) E:\Programy\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{C98E8ABC-AFA3-47AF-8083-04877D6597AC}] => (Allow) E:\Programy\Office 2007\Office12\GROOVE.EXE
FirewallRules: [{55CAC3D9-5EF6-4454-83EA-FFC9C77CD366}] => (Allow) E:\Programy\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{BAD8EF55-6004-48D3-9035-D2E0851E4D48}] => (Allow) E:\Programy\Office 2007\Office12\ONENOTE.EXE
FirewallRules: [{49954F52-7633-430F-BF88-DE3BEDDE4424}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{5AEF73A0-A6F6-417E-AB16-65ABB3B5D0B6}] => (Allow) E:\SteamLibrary\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{657B80D6-912F-4D40-8AB5-2E78ED659856}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{DDDB73AD-27FF-4675-81EA-D7C8F7A3C7F6}] => (Allow) E:\Stiahnute\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{5A4FD631-610F-42DB-84C0-F0182F6A693E}] => (Allow) E:\Stiahnute\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{5CC39ED9-1862-4D65-A0C4-849621C03A10}] => (Allow) E:\Stiahnute\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{89B32265-FD07-4BCD-BA40-658E28B29BB6}] => (Allow) E:\Stiahnute\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{18E07064-ECE0-4885-8CE2-1CA86F81F200}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{74120176-130F-48EF-9CD0-9921F3371720}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{F1CCBB6D-9969-4B42-BBBC-72E82F73B235}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{27BEAE8F-1148-4116-A07B-2B37D3AB8F19}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{5C23B521-B941-4885-AE14-24F329592C8B}] => (Allow) E:\Stiahnute\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{2E9B48BE-12CF-4D4F-85A8-C986D1DE3F6B}] => (Allow) E:\Stiahnute\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [TCP Query User{9B852654-82B3-4928-AABD-1C68EFF6CA49}E:\hry\quantum break\dx11\quantumbreak.exe] => (Allow) E:\hry\quantum break\dx11\quantumbreak.exe
FirewallRules: [UDP Query User{11CAA5C6-5C3A-43BD-A626-94488536AC89}E:\hry\quantum break\dx11\quantumbreak.exe] => (Allow) E:\hry\quantum break\dx11\quantumbreak.exe
FirewallRules: [TCP Query User{4F31CE14-357F-410E-A881-5BE3F382FD21}E:\hry\the turing test\theturingtest\binaries\win64\theturingtest.exe] => (Allow) E:\hry\the turing test\theturingtest\binaries\win64\theturingtest.exe
FirewallRules: [UDP Query User{E4AFA9C6-C53C-491A-86B3-723FBFF335B7}E:\hry\the turing test\theturingtest\binaries\win64\theturingtest.exe] => (Allow) E:\hry\the turing test\theturingtest\binaries\win64\theturingtest.exe
FirewallRules: [{BA45BFD0-EA29-42FD-9D23-6F1EB10BA915}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BAB2152F-FCDE-4A66-83ED-A32F5E5605EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{3E591396-AA26-4594-BF39-DA8CE60ED215}E:\hry\far cry primal\bin\fcprimal.exe] => (Allow) E:\hry\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{DF51BBD4-3FF0-44B3-8DEB-904899CA5A8E}E:\hry\far cry primal\bin\fcprimal.exe] => (Allow) E:\hry\far cry primal\bin\fcprimal.exe
FirewallRules: [{E2BA1EA8-A866-4409-B5E8-E73E8F212D15}] => (Allow) E:\Stiahnute\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{8B1A6CE4-CBE5-4511-B87C-CB2558586D23}] => (Allow) E:\Stiahnute\WATCH_DOGS2\bin\WatchDogs2.exe
FirewallRules: [{2A820809-53AE-4979-B849-9E5408019ACD}] => (Allow) E:\Stiahnute\WATCH_DOGS2\EAC.exe
FirewallRules: [{5F794EA1-E5B2-46FD-90CD-AA41C2835CE1}] => (Allow) E:\Stiahnute\WATCH_DOGS2\EAC.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: Camera
Description: Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2017 11:16:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 91004. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/01/2017 09:27:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: ProductUpdater.exe, verzia: 1.0.3.0, časová značka: 0x5887040d
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.15063.296, časová značka: 0x28e9cf15
Kód výnimky: 0xe0434352
Odstup chyby: 0x000eb802
Identifikácia chybujúceho procesu: 0x1fec
Čas spustenia chybujúcej aplikácie: 0x01d30afc3c42473e
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\KERNELBASE.dll
Identifikácia hlásenia: 726d2b89-d0e2-4f74-a748-463b23c7680d
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/01/2017 09:27:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ProductUpdater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DivideByZeroException
at ProductUpdater.Services.NotificationDispatchers.NotificationDispatcher..ctor(System.Windows.Threading.Dispatcher, System.Collections.Generic.IEnumerable`1<ProductUpdater.Services.INotifier>, System.TimeSpan, ProductUpdater.Model.Settings, System.TimeSpan)
at ProductUpdater.App.App_OnStartup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ProductUpdater.App.Main()

Error: (08/01/2017 12:44:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: ProductUpdater.exe, verzia: 1.0.3.0, časová značka: 0x5887040d
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.15063.296, časová značka: 0x28e9cf15
Kód výnimky: 0xe0434352
Odstup chyby: 0x000eb802
Identifikácia chybujúceho procesu: 0x2560
Čas spustenia chybujúcej aplikácie: 0x01d30ab32c213c38
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\KERNELBASE.dll
Identifikácia hlásenia: 4790ecbf-08b6-49db-994d-d5d943febe86
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (08/01/2017 12:44:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ProductUpdater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DivideByZeroException
at ProductUpdater.Services.NotificationDispatchers.NotificationDispatcher..ctor(System.Windows.Threading.Dispatcher, System.Collections.Generic.IEnumerable`1<ProductUpdater.Services.INotifier>, System.TimeSpan, ProductUpdater.Model.Settings, System.TimeSpan)
at ProductUpdater.App.App_OnStartup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ProductUpdater.App.Main()

Error: (07/31/2017 11:52:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: ProductUpdater.exe, verzia: 1.0.3.0, časová značka: 0x5887040d
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.15063.296, časová značka: 0x28e9cf15
Kód výnimky: 0xe0434352
Odstup chyby: 0x000eb802
Identifikácia chybujúceho procesu: 0x1e2c
Čas spustenia chybujúcej aplikácie: 0x01d309e2aa5d91a2
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\KERNELBASE.dll
Identifikácia hlásenia: dcd8c637-c621-4a01-8715-cfdb64a7049b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (07/31/2017 11:52:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ProductUpdater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DivideByZeroException
at ProductUpdater.Services.NotificationDispatchers.NotificationDispatcher..ctor(System.Windows.Threading.Dispatcher, System.Collections.Generic.IEnumerable`1<ProductUpdater.Services.INotifier>, System.TimeSpan, ProductUpdater.Model.Settings, System.TimeSpan)
at ProductUpdater.App.App_OnStartup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ProductUpdater.App.Main()

Error: (07/30/2017 11:39:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MABA)
Description: Aktivácia aplikácie Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI zlyhala pre chybu: -2144927141 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (07/30/2017 12:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: ProductUpdater.exe, verzia: 1.0.3.0, časová značka: 0x5887040d
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.15063.296, časová značka: 0x28e9cf15
Kód výnimky: 0xe0434352
Odstup chyby: 0x000eb802
Identifikácia chybujúceho procesu: 0x1628
Čas spustenia chybujúcej aplikácie: 0x01d3091cb6101e29
Cesta chybujúcej aplikácie: C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\KERNELBASE.dll
Identifikácia hlásenia: 72d4b58d-09e2-4649-a119-ccbd6fe98dd6
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (07/30/2017 12:15:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ProductUpdater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.DivideByZeroException
at ProductUpdater.Services.NotificationDispatchers.NotificationDispatcher..ctor(System.Windows.Threading.Dispatcher, System.Collections.Generic.IEnumerable`1<ProductUpdater.Services.INotifier>, System.TimeSpan, ProductUpdater.Model.Settings, System.TimeSpan)
at ProductUpdater.App.App_OnStartup(System.Object, System.Windows.StartupEventArgs)
at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at ProductUpdater.App.Main()


System errors:
=============
Error: (08/02/2017 11:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (08/02/2017 11:19:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby fdPHost, od ktorej závisí služba HomeGroupProvider, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/02/2017 11:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby CldFlt zlyhalo kvôli nasledujúcej chybe:
The request is not supported.

Error: (08/02/2017 11:10:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby fdPHost, od ktorej závisí služba HomeGroupProvider, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/02/2017 11:10:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (08/02/2017 11:10:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby CldFlt zlyhalo kvôli nasledujúcej chybe:
The request is not supported.

Error: (08/02/2017 11:10:10 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač sa po kontrole chýb reštartoval. Kontrola chýb: 0x000000ce (0xfffff801845310e4, 0x0000000000000010, 0xfffff801845310e4, 0x0000000000000000). Výpis sa uložil do súboru: C:\WINDOWS\MEMORY.DMP. Identifikácia hlásenia: d5315bc4-7be2-46fa-b8df-40c42b75d188.

Error: (08/02/2017 11:10:09 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:02:41 on ‎2. ‎8. ‎2017 was unexpected.

Error: (08/02/2017 11:02:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby fdPHost, od ktorej závisí služba HomeGroupProvider, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/02/2017 11:02:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2017-07-02 14:12:33.267
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:33.253
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:33.236
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:33.207
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:33.201
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:33.196
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:32.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:12:32.544
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:10:31.576
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-07-02 14:10:31.563
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 8090.46 MB
Available physical RAM: 6211.47 MB
Total Virtual: 16282.46 MB
Available Virtual: 14271.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.71 GB) (Free:17.75 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:248.47 GB) NTFS
Drive h: (CMS2018) (CDROM) (Total:9.25 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 5D0AAF39)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=834 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 767010F2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JaRon
Moderator
Posts: 15213
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: data.exe

#5 Post by JaRon »

Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>

Code:

Start
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [lsassws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OriginWebHelperServicest] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*
BHO-x32: No Name -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> No File
2017-07-26 16:09 - 2017-08-02 10:15 - 000035680 _____ () C:\Users\Test\AppData\Local\Temp\i4jdel0.exe





EmptyTemp:
Reboot:
End
•Save the created TXT file as fixlist.txt
•Move the created fixlist next to FRST

Run FRST.exe again
•Click Fix
•The fix will run and create the log Fixlog.txt

Restart the PC and post fixlog.txt here for me
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
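
The two Run-key lines in the fixlist above have the same shape: a per-user autorun that starts WScript.exe on a start.vbs stored under AppData\Roaming, one of them with a value name built around the name of a system process (lsass). As an added example (not part of the original post, and not the moderator's or FRST's own logic), the Python below triages FRST-style Run lines with that heuristic; the reason labels, the threshold and the two benign sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# FRST notation: HKU\<SID>\...\Run: [ValueName] => command line
RUN_LINE = re.compile(
    r'^(?P<hive>HK[A-Z]+(?:-x32)?)\\(?P<key>.*?)\\(?P<kind>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.+)$'
)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_NAMES = ("lsass", "svchost", "csrss", "winlogon", "smss")

# First two lines: the entries from the fixlist in this thread.
# Last two lines: constructed benign samples in the same notation.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [lsassws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*',
    r'HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OriginWebHelperServicest] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*',
    r'HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OneDrive] => "C:\Users\Test\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s',
]


@dataclass
class RunEntry:
    hive: str
    name: str
    image: str   # program the autorun starts
    args: list   # remaining command-line arguments


def split_command(cmd):
    """Split a Run-key command line into (image, [args])."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:          # unbalanced quote: treat everything as the image
            return cmd[1:], []
        image, rest = cmd[1:end], cmd[end + 1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first executable extension.
        m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', cmd, re.I)
        if m:
            image, rest = m.group(1), cmd[m.end():]
        else:
            image, _, rest = cmd.partition(" ")
    args = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', rest)]
    return image, args


def parse_line(line):
    """Return a RunEntry for a Run/RunOnce line, or None for any other log line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    image, args = split_command(m.group("cmd"))
    return RunEntry(m.group("hive"), m.group("name"), image, args)


def assess(entry):
    """List the heuristic reasons that apply to one autorun entry."""
    reasons = []
    if ntpath.basename(entry.image).lower() in SCRIPT_HOSTS:
        reasons.append("script-host")
    scripts = [a for a in entry.args if a.lower().endswith(SCRIPT_EXTS)]
    if any(d in s.lower() for s in scripts for d in USER_WRITABLE):
        reasons.append("user-writable-script")
    label = (entry.name + " " + " ".join(scripts)).lower()
    if any(n in label for n in SYSTEM_NAMES):
        reasons.append("system-process-lookalike")
    return reasons


def triage(lines, threshold=2):
    """Map value name -> reasons for entries that meet the (assumed) threshold."""
    findings = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if len(reasons) >= threshold:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(reasons)}")
```

The OneDrive sample also runs from AppData but is not reported, because a user-profile path counts only when a script host is pointed at a script there.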

maba345
Visitor
Posts: 99
Joined: 29 Aug 2009 15:05

Re: data.exe

#6 Post by maba345 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by MaBa (02-08-2017 11:55:39) Run:1
Running from C:\Users\Test\Desktop
Loaded Profiles: MaBa (Available Profiles: MaBa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [lsassws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OriginWebHelperServicest] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*
BHO-x32: No Name -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> No File
2017-07-26 16:09 - 2017-08-02 10:15 - 000035680 _____ () C:\Users\Test\AppData\Local\Temp\i4jdel0.exe





EmptyTemp:
Reboot:
End
*****************

[3020] C:\Program Files\KMSpico\Service_KMS.exe => process closed successfully.
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\lsassws => value removed successfully
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OriginWebHelperServicest => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3c77255-42c0-499f-b664-6e981a0b1647} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{c3c77255-42c0-499f-b664-6e981a0b1647} => key not found.
"C:\Users\Test\AppData\Local\Temp\i4jdel0.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22264475 B
Java, Flash, Steam htmlcache => 431247059 B
Windows/system/drivers => 0 B
Edge => 1972 B
Chrome => 0 B
Firefox => 14521022 B
Opera => 129425479 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Test => 412479 B

RecycleBin => 0 B
EmptyTemp: => 578.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:55:43 ====

JaRon
Moderator
Posts: 15213
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: data.exe

#7 Post by JaRon »

quote:
DelFix https://toolslib.net/downloads/finish/2/
•Download and run it
•Leave only the Remove disinfection tools option checked
•Click Run

and let me know how the PC is behaving, whether there are any problems :???:

maba345
Visitor
Posts: 99
Joined: 29 Aug 2009 15:05

Re: data.exe

#8 Post by maba345 »

There are no more problems. Thanks :) I tried to find the scripts that were launching that junk myself, but I don't understand how you figured out which files needed to be deleted. Google only gave me all sorts of fake removal tools :D

# DelFix v1.013 - Logfile created 02/08/2017 at 12:42:43
# Updated 17/04/2016 by Xplode
# Username : MaBa - MABA
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Test\Desktop\adwcleaner_7.0.1.0.exe
Deleted : C:\Users\Test\Desktop\ComboFix.exe
Deleted : C:\Users\Test\Desktop\Fixlog.txt
Deleted : C:\Users\Test\Desktop\FRST64.exe
Deleted : C:\Users\Test\Desktop\JRT.exe
Deleted : C:\Users\Test\Desktop\JRT.txt
Deleted : C:\Users\Test\Desktop\rkill.exe
Deleted : C:\Users\Test\Desktop\Rkill.txt
Deleted : C:\Users\Test\Desktop\RSITx64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

JaRon
Moderator
Posts: 15213
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: data.exe

#9 Post by JaRon »

Well, over the years on the forum I've gone through thousands of logs, so by now odd files just jump out at me :D
You're welcome

Locked
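Posts #8 and #9 touch on how the autorun entries in the fixlist were picked out. As an added example (not part of the thread and not JaRon's own method), this Python code applies three common triage heuristics to FRST-style Run lines. The first two sample lines are copied from the fixlist above; the third line and the heuristic lists are assumptions made for the example.

```python
import re

# First two lines are copied from the fixlist in this thread; the third is a
# constructed benign entry added for contrast.
SAMPLE = r'''
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [lsassws] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\lsass local files\start.vbs" "%1" %*
HKU\S-1-5-21-1915849256-4225163708-1621856079-1000\...\Run: [OriginWebHelperServicest] => "%SystemRoot%\System32\WScript.exe" "C:\Users\Test\AppData\Roaming\OriginWebHelperService saved files\start.vbs" "%1" %*
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe
'''

# Assumed heuristic lists (not from the thread); extend for your environment.
RUN_LINE = re.compile(r'^HK\w+\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
SCRIPT_HOST = re.compile(r'\b(wscript|cscript|mshta)\.exe\b')
SCRIPT_FILE = re.compile(r'\.(vbs|vbe|js|jse|wsf|hta)\b')
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
SYSTEM_NAMES = ("lsass", "svchost", "csrss", "winlogon", "smss")


def score_run_entry(line):
    """Return (value_name, reasons) for an FRST Run line, or None for other lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd").lower()
    reasons = []
    if SCRIPT_HOST.search(cmd):
        reasons.append("script host launched at logon")
    if SCRIPT_FILE.search(cmd) and any(p in cmd for p in USER_WRITABLE):
        reasons.append("script stored in a user-writable path")
    if any(s in name.lower() or s in cmd for s in SYSTEM_NAMES):
        reasons.append("imitates a system process name")
    return name, reasons


def flag_autoruns(log_text):
    """Map each suspicious Run value name to the reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        scored = score_run_entry(line)
        if scored and scored[1]:
            flagged[scored[0]] = scored[1]
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_autoruns(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review, not a verdict: legitimate software occasionally starts scripts at logon too.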