Junk on the PC

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

#1 Post by Windi »

Hi, I'd like some help checking over my PC.
Yesterday I managed to pull in some junk from some qpdownload. I tried to get rid of all of it, but who knows what I missed.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Merm at 2018-08-14 20:02:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 67 GB (30%) free of 228 GB
Total RAM: 16337 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:02:32, on 14.8.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19081)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files (x86)\IObit\Driver Booster\4.5.0\Scheduler.exe
C:\Program Files\trend micro\Merm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 1050 J410 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8331 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
taskeng.exe {D81C6533-7CE4-4E1A-BF97-4BF767D12734}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN35R1FNZ205YC;CONNECTION=USB;MONITOR=1;
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Merm\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Merm\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7feed4924d0,0x7feed4924e0,0x7feed4924f0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4452 --on-initialized-event-handle=356 --parent-handle=368 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=3A16BA640B81AAFE893FA7B668B6CF74 --mojo-platform-channel-handle=1140 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=E5B293879BF8A7A75D2FED5EDC9D02D0 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E5B293879BF8A7A75D2FED5EDC9D02D0 --renderer-client-id=3 --mojo-platform-channel-handle=2412 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=A7D30B62CAFE43E602A121B2E4C10D55 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A7D30B62CAFE43E602A121B2E4C10D55 --renderer-client-id=4 --mojo-platform-channel-handle=2788 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=71078D5E24460960D22E7FDDD6696A52 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=71078D5E24460960D22E7FDDD6696A52 --renderer-client-id=19 --mojo-platform-channel-handle=5928 /prefetch:1
taskeng.exe {A70EE08D-1ADE-459F-9442-B7EFBA840BC6}
"D:\Program Files (x86)\IObit\Driver Booster\4.5.0\Scheduler.exe" /scheduler
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=844EE0115CE7AD8BD7AC82828B5918D2 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=844EE0115CE7AD8BD7AC82828B5918D2 --renderer-client-id=25 --mojo-platform-channel-handle=4960 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=E68254E215FADC2B04CB19F2242ED0A1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=E68254E215FADC2B04CB19F2242ED0A1 --renderer-client-id=26 --mojo-platform-channel-handle=5920 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=2B51FA4869CCA05B7F1B1E7AD88B45C4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2B51FA4869CCA05B7F1B1E7AD88B45C4 --renderer-client-id=27 --mojo-platform-channel-handle=5956 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=46210E26AF8F16A2A6C78DFD4188802A --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=46210E26AF8F16A2A6C78DFD4188802A --renderer-client-id=32 --mojo-platform-channel-handle=4808 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=B12ED6263E2542BB925D5534D6ED3EA7 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=B12ED6263E2542BB925D5534D6ED3EA7 --renderer-client-id=40 --mojo-platform-channel-handle=6384 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=51A57CFBDE876C68E0907B5B2A4B92D1 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=51A57CFBDE876C68E0907B5B2A4B92D1 --renderer-client-id=41 --mojo-platform-channel-handle=5392 /prefetch:1
taskhost.exe $(Arg0)
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=C1C40C759AB8B432A407D23327DD3FB4 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=C1C40C759AB8B432A407D23327DD3FB4 --renderer-client-id=46 --mojo-platform-channel-handle=6488 /prefetch:1
wmiadap.exe /F /T /R
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=4BA412F56FAD03911DE33144DC61B440 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4BA412F56FAD03911DE33144DC61B440 --renderer-client-id=52 --mojo-platform-channel-handle=4236 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=A605BB4A39B94537D71E99F9C13AC45D --lang=cs --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A605BB4A39B94537D71E99F9C13AC45D --renderer-client-id=55 --mojo-platform-channel-handle=7024 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=BEC2D184251AA618F462DEF43228C45B --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=BEC2D184251AA618F462DEF43228C45B --renderer-client-id=57 --mojo-platform-channel-handle=7676 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,5363911888365002787,10156658285333684387,131072 --service-pipe-token=4A2B64377833BF2E94F6F9456F93AEF5 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4A2B64377833BF2E94F6F9456F93AEF5 --renderer-client-id=58 --mojo-platform-channel-handle=7844 /prefetch:1
"C:\Windows\system32\wuauclt.exe"
"D:\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Merm\AppData\Roaming\Mozilla\Firefox\Profiles\pxsg0thh.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.171.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-08 582088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-17 938712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-08 245192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17 812248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-07-18 9268672]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2017-08-22 1923192]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-07-17 242904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
D:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-08-14 4836032]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-28 588704]

C:\Users\Merm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Deskjet 1050 J410 series.lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CNC3EP1.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generals.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RA3.exe]
"Debugger="C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-14 20:02:29 ----D---- C:\rsit
2018-08-14 20:02:29 ----D---- C:\Program Files\trend micro
2018-08-13 21:49:33 ----D---- C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
2018-08-13 21:47:50 ----D---- C:\ProgramData\McAfee
2018-07-22 20:47:41 ----D---- C:\Users\Merm\AppData\Roaming\Downloaded Installations
2018-07-21 20:48:06 ----D---- C:\ProgramData\Paessler
2018-07-21 20:47:28 ----D---- C:\Program Files\WinPcap
2018-07-21 20:43:25 ----D---- C:\Program Files (x86)\PRTG Network Monitor
2018-07-21 20:43:00 ----D---- C:\ProgramData\TEMP
2018-07-21 20:43:00 ----D---- C:\ProgramData\Licenses
2018-07-18 23:05:34 ----D---- C:\Windows\system32\unknown
2018-07-18 23:05:34 ----D---- C:\Windows\system32\drivers\NVIDIA Corporation
2018-07-18 23:05:14 ----A---- C:\Windows\system32\nvdispgenco6439811.dll
2018-07-18 23:05:14 ----A---- C:\Windows\system32\nvdispco6439811.dll
2018-07-18 23:05:08 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2018-07-18 23:05:07 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2018-07-18 23:05:06 ----A---- C:\Windows\SYSWOW64\nvptxJitCompiler.dll
2018-07-18 23:05:06 ----A---- C:\Windows\system32\nvptxJitCompiler.dll
2018-07-18 23:05:06 ----A---- C:\Windows\system32\nvopencl.dll
2018-07-18 23:05:05 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2018-07-18 23:05:05 ----A---- C:\Windows\system32\nvoglv64.dll
2018-07-18 23:05:04 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2018-07-18 23:05:04 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2018-07-18 23:05:04 ----A---- C:\Windows\system32\nvoglshim64.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\nvfatbinaryLoader.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\nvinitx.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\NvIFR64.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\NvFBC64.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\nvfatbinaryLoader.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2018-07-18 23:05:03 ----A---- C:\Windows\system32\nvd3dumx.dll
2018-07-18 23:05:02 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2018-07-18 23:05:02 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2018-07-18 23:05:02 ----A---- C:\Windows\system32\nvcuvid.dll
2018-07-18 23:05:02 ----A---- C:\Windows\system32\nvcuda.dll
2018-07-18 23:05:01 ----A---- C:\Windows\system32\nvcompiler.dll
2018-07-18 23:05:00 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2018-07-18 23:04:05 ----A---- C:\Windows\system32\RtNicProp64.dll
2018-07-18 23:04:05 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2018-07-18 23:03:51 ----A---- C:\Windows\system32\nvhdap64.dll
2018-07-18 23:03:51 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2018-07-18 23:03:10 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2018-07-18 23:03:09 ----A---- C:\Windows\SYSWOW64\SRCOM.dll
2018-07-18 23:03:09 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2018-07-18 23:03:09 ----A---- C:\Windows\SYSWOW64\SEHDHF32.dll
2018-07-18 23:03:09 ----A---- C:\Windows\SYSWOW64\SECOMN32.dll
2018-07-18 23:03:09 ----A---- C:\Windows\SYSWOW64\RltkAPO.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\YamahaAE2.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\YamahaAE.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tossaemaxapo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tossaeapo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\toseaeapo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tosasfapo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tosade.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tepeqapo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tadefxapo264.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\tadefxapo.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRSWOW64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRSTSX64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRSTSH64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRSHP64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRRPTR64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRCOM64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRCOM.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SRAPO64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\sltech64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\slprp64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\slcnt64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\sl3apo64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SFSS_APO.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SFNHK64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SFCOM64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SFAPO64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SEHDRA64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SEHDHF64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SECOMN64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\SEAPO64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtPgEx64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtkCfg64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtkApi64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RTEEP64A.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RTEEL64A.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RTEEG64A.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RTEED64A.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RtDataProc64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RTCOM64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RP3DHT64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RP3DAA64.dll
2018-07-18 23:03:09 ----A---- C:\Windows\system32\RltkAPO64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\RCoInstII64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\R4EEP64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\R4EEL64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\R4EEG64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\R4EED64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\R4EEA64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\ICEsoundAPO64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMUI.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMLimiter.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMHVS.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMEQ_Voice.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMEQ.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMClariFi.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HMAPO.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HiFiDAX2API.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\HarmanAudioInterface.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyDAX2APOv211.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyDAX2APOv201.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyDAX2APOProp.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyAPOvlldpgm.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DolbyAPOv251gm.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPP64AF3.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPP64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPO64AF3.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPO64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPD64AF3.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPD64A.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPA64F3.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DDPA64.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DAX3APOv251.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\DAX3APOProp.dll
2018-07-18 23:03:08 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-07-18 23:03:07 ----A---- C:\Windows\system32\audioLibVc.dll
2018-07-18 23:03:07 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2018-07-18 23:03:03 ----A---- C:\Windows\system32\RCoRes64.dat
2018-07-18 23:03:03 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2018-07-18 23:02:50 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2018-07-18 23:02:37 ----A---- C:\Windows\system32\drivers\iaStorF.sys
2018-07-18 23:02:37 ----A---- C:\Windows\system32\drivers\iaStorA.sys
2018-07-18 23:01:54 ----A---- C:\Windows\system32\drivers\TeeDriverx64.sys
2018-07-17 19:54:47 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 month======

2018-08-14 20:02:29 ----RD---- C:\Program Files
2018-08-14 19:58:09 ----D---- C:\Windows\Temp
2018-08-14 19:57:52 ----D---- C:\Windows\system32\config
2018-08-14 19:57:42 ----RD---- C:\Program Files (x86)
2018-08-14 19:57:42 ----D---- C:\ProgramData\NVIDIA
2018-08-14 19:57:42 ----D---- C:\Program Files (x86)\Common Files
2018-08-13 21:50:56 ----D---- C:\Windows\system32\Tasks
2018-08-13 21:47:50 ----HD---- C:\ProgramData
2018-08-13 21:41:41 ----SHD---- C:\Windows\Installer
2018-08-13 20:20:05 ----D---- C:\Windows\System32
2018-08-13 20:20:05 ----D---- C:\Windows\inf
2018-08-13 20:20:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-11 05:47:48 ----HD---- C:\Windows\system32\GroupPolicy
2018-08-11 05:47:48 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2018-08-11 05:39:23 ----D---- C:\Program Files\Mozilla Firefox
2018-08-11 05:39:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-08 11:03:06 ----SHD---- C:\System Volume Information
2018-08-08 08:06:41 ----D---- C:\Program Files (x86)\Battle.net
2018-08-01 21:23:16 ----D---- C:\Users\Merm\AppData\Roaming\TS3Client
2018-07-27 00:39:32 ----SD---- C:\Users\Merm\AppData\Roaming\Microsoft
2018-07-25 20:08:30 ----D---- C:\ProgramData\IObit
2018-07-24 06:24:58 ----D---- C:\Windows\system32\wdi
2018-07-23 22:00:31 ----D---- C:\Windows\system32\drivers
2018-07-21 20:47:27 ----D---- C:\Windows\SysWOW64
2018-07-18 23:41:14 ----D---- C:\Windows
2018-07-18 23:40:07 ----D---- C:\Windows\system32\catroot
2018-07-18 23:05:42 ----D---- C:\ProgramData\NVIDIA Corporation
2018-07-18 23:05:34 ----D---- C:\Program Files\NVIDIA Corporation
2018-07-18 23:05:34 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2018-07-18 23:05:24 ----D---- C:\Windows\system32\DriverStore
2018-07-18 23:05:08 ----A---- C:\Windows\system32\nvwgf2umx.dll
2018-07-18 23:05:07 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2018-07-18 23:05:07 ----A---- C:\Windows\system32\nvumdshimx.dll
2018-07-18 23:05:03 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2018-07-18 23:05:00 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2018-07-18 23:05:00 ----A---- C:\Windows\system32\nvapi64.dll
2018-07-18 23:04:05 ----A---- C:\Windows\system32\RTNUninst64.dll
2018-07-18 23:03:51 ----A---- C:\Windows\system32\nvhdagenco6420103.dll
2018-07-18 23:03:34 ----D---- C:\Windows\system32\catroot2
2018-07-18 23:03:29 ----D---- C:\Windows\system32\DAX3
2018-07-18 23:03:29 ----D---- C:\Windows\system32\DAX2
2018-07-18 23:03:24 ----D---- C:\Windows\SYSWOW64\RTCOM
2018-07-18 22:46:30 ----D---- C:\Users\Merm\AppData\Roaming\IObit
2018-07-18 22:46:22 ----D---- C:\ProgramData\ProductData
2018-07-15 14:38:07 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-07-17 201328]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-07-17 346664]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-07-17 59592]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-07-17 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-07-17 381584]
R0 IaNVMeF;IaNVMeF; C:\Windows\system32\drivers\IaNVMeF.sys [2017-05-23 35808]
R0 IaRNVMeF;IaRNVMeF; C:\Windows\system32\drivers\IaRNVMeF.sys [2016-01-22 36888]
R0 iaStorA;Intel(R) Chipset SATA/PCIe RST Premium Controller; C:\Windows\system32\DRIVERS\iaStorA.sys [2018-07-18 905736]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2018-07-18 41480]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2017-05-12 23552]
R0 nvmeF;nvmeF; C:\Windows\system32\drivers\nvmeF.sys [2015-12-16 30776]
R0 ocztrimfilter;SSD Device Filter; C:\Windows\system32\drivers\ocztrimfilter.sys [2016-06-10 29064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-07-17 197160]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-07-17 229392]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-07-17 239680]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-07-17 111872]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-07-17 1027728]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-07-23 467064]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2017-07-06 516096]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2017-09-06 27552]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-07-17 159640]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-07-17 211160]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2014-08-19 36600]
R3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2017-09-06 451320]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2017-09-27 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2017-09-27 47672]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2018-07-18 6173640]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2017-05-12 401408]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2017-05-12 816640]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2018-07-18 201296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2018-07-18 227928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2018-07-18 67432]
R3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2017-08-22 57976]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2018-07-18 1059776]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2015-12-21 47736]
S3 amdhub3;AMD USB 3.0 Hub; C:\Windows\system32\drivers\amdhub3.sys [2017-02-16 160936]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2016-01-14 108768]
S3 amdhub31;AMD USB3.1 Hub Service; C:\Windows\system32\drivers\amdhub31.sys [2016-02-26 141528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2016-01-14 229088]
S3 amdxhc31;AMD XHCI Service; C:\Windows\system32\drivers\amdxhc31.sys [2016-02-26 440536]
S3 amdxhci;AMD USB3 Host Controller Driver; C:\Windows\system32\drivers\amdxhci.sys [2017-02-16 346792]
S3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2015-06-18 149240]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-07-17 46976]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ETDSMBus;ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [2017-09-06 32840]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2014-02-12 65408]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2014-02-12 39296]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2014-02-12 94208]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\drivers\FLxHCIc.sys [2017-06-13 274408]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\drivers\FLxHCIh.sys [2017-06-13 87984]
S3 IaNVMe;IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [2017-05-23 125408]
S3 IaRNVMe;IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [2016-01-22 592408]
S3 MSICDSetup;MSICDSetup; \??\D:\Whatever\Drivers\Drivers\CDriver64.sys [2009-08-12 28984]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\Whatever\Drivers\Drivers\NTIOLib_X64.sys [2011-06-29 11888]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2012-08-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2012-08-27 226696]
S3 nvme;nvme; C:\Windows\system32\drivers\nvme.sys [2015-12-16 83784]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-08-22 30328]
S3 ocznvme;ocznvme; C:\Windows\system32\drivers\ocznvme.sys [2016-06-10 99592]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2017-07-06 12520]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2017-07-06 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-07-06 19456]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\drivers\rusb3hub.sys [2012-08-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\drivers\rusb3xhc.sys [2012-08-27 230280]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 stornvme;stornvme; C:\Windows\system32\drivers\stornvme.sys [2017-07-06 50408]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2017-07-06 29696]
S3 tihub3;TI USB3 Hub Service; C:\Windows\system32\drivers\tihub3.sys [2016-05-12 145904]
S3 tilfilter;TI xHCI Lower Filter Driver Service; C:\Windows\system32\drivers\TIxHCIlfilter.sys [2015-02-11 17672]
S3 tiufilter;TI xHCI Upper Filter Driver Service; C:\Windows\system32\drivers\TIxHCIufilter.sys [2015-02-11 23304]
S3 tixhci;TI XHCI Service; C:\Windows\system32\drivers\tixhci.sys [2016-05-12 422392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2017-07-06 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2017-07-06 29696]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2017-07-06 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2017-07-06 199400]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 VUSB3HUB;VIA USB 3 Root Hub Service; C:\Windows\system32\drivers\ViaHub3.sys [2015-08-20 221696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-07-17 322464]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2017-07-06 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2017-07-06 27136]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-08-07 207648]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-08-07 415520]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-06-01 764544]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-08-22 450168]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-07-17 7780400]
S2 avast;Služba %1!s! Update (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-06 164984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-10-04 107624]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-10-03 128608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-04 153168]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2017-07-06 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-10-03 52832]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-06 164984]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-08-14 2291904]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-04 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-06-16 116224]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-10 194512]
S3 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22 513144]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22 513144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2017-07-06 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-02 1683744]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2017-07-06 27136]
S3 TunngleService;TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [2017-06-30 873968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2017-07-06 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-07-06 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-10-04 136288]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#2 Post by Conder »

Hi :)

:arrow: I recommend not using, and uninstalling, all programs from IObit (Driver Booster, Advanced SystemCare, etc.) - they are Chinese junk that can damage the system.

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#3 Post by Windi »

Done, boss

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-10.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-14-2018
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Merm\Documents\Downloaded Installers

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D70D9C7-359A-4556-8F08-8AC253A62739}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKCU\Software\PRODUCTSETUP

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://www.mystartsearch.com/?type=hppp ... 6Q7DL6ETLX
Deleted http://www.mystartsearch.com/?type=hppp ... 6Q7DL6ETLX
Deleted http://www.mystartsearch.com/?type=hppp ... 6Q7DL6ETLX
Deleted http://www.mystartsearch.com/?type=hppp ... 6Q7DL6ETLX

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2385 octets] - [14/08/2018 21:02:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#4 Post by Conder »

:arrow: Please post both FRST logs (FRST.txt and Addition.txt), following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use FRST on its own.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#5 Post by Windi »

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Merm (administrator) on MERM-PC (14-08-2018 21:16:28)
Running from C:\Users\Merm\Desktop
Loaded Profiles: Merm (Available Profiles: Merm)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Merm\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268672 2018-07-18] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\...\MountPoints2: {3ff902b2-a334-11e7-9703-d8cb8ac644e2} - E:\setup.exe
IFEO\CNC3.exe: [Debugger]
IFEO\CNC3EP1.exe: [Debugger]
IFEO\generals.exe: [Debugger]
IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
Startup: C:\Users\Merm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 1050 J410 series.lnk [2018-08-14]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 81.19.33.2 81.19.34.2
Tcpip\..\Interfaces\{F5B61D7E-C2C7-44A1-AD80-94815D731C57}: [DhcpNameServer] 81.19.33.2 81.19.34.2

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-07-17] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: pxsg0thh.default
FF ProfilePath: C:\Users\Merm\AppData\Roaming\Mozilla\Firefox\Profiles\pxsg0thh.default [2018-08-14]
FF Extension: (Avast SafePrice) - C:\Users\Merm\AppData\Roaming\Mozilla\Firefox\Profiles\pxsg0thh.default\Extensions\sp@avast.com.xpi [2018-06-20]
FF Extension: (Avast Online Security) - C:\Users\Merm\AppData\Roaming\Mozilla\Firefox\Profiles\pxsg0thh.default\Extensions\wrc@avast.com.xpi [2018-05-26]
FF Extension: (Adblock Plus) - C:\Users\Merm\AppData\Roaming\Mozilla\Firefox\Profiles\pxsg0thh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-17]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
CHR Profile: C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default [2018-08-14]
CHR Extension: (Adblock Plus) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-08-09]
CHR Extension: (AdBlock) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Avast Online Security) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Merm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-06] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-06] (AVAST Software)
S3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [873968 2017-06-30] (Tunngle.net GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-06] (Microsoft Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub3; C:\Windows\system32\drivers\amdhub3.sys [160936 2017-02-16] (Advanced Micro Devices, Inc)
S3 amdhub31; C:\Windows\system32\drivers\amdhub31.sys [141528 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhc31; C:\Windows\system32\drivers\amdxhc31.sys [440536 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhci; C:\Windows\system32\drivers\amdxhci.sys [346792 2017-02-16] (Advanced Micro Devices, Inc)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-17] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-27] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-27] (Disc Soft Ltd)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-09-06] (ELAN Microelectronic Corp.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-12] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [87984 2017-06-13] (Fresco Logic)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-06] (REALiX(tm))
S3 IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [125408 2017-05-23] (Intel Corporation)
R0 IaNVMeF; C:\Windows\System32\drivers\IaNVMeF.sys [35808 2017-05-23] (Intel Corporation)
S3 IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [592408 2016-01-22] (Intel Corporation)
R0 IaRNVMeF; C:\Windows\System32\drivers\IaRNVMeF.sys [36888 2016-01-22] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [41480 2018-07-18] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2018-07-18] (Intel Corporation)
S3 MSICDSetup; D:\Whatever\Drivers\Drivers\CDriver64.sys [28984 2009-08-12] (Your Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 NTIOLib_1_0_C; D:\Whatever\Drivers\Drivers\NTIOLib_X64.sys [11888 2011-06-29] (MSI) [File not signed]
S3 nvme; C:\Windows\system32\drivers\nvme.sys [83784 2015-12-16] (Samsung Electronics Co., Ltd)
R0 nvmeF; C:\Windows\System32\drivers\nvmeF.sys [30776 2015-12-16] (Samsung Electronics Co., Ltd)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [67432 2018-07-18] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 tilfilter; C:\Windows\system32\drivers\TIxHCIlfilter.sys [17672 2015-02-11] (Texas Instruments, Inc.)
S3 tiufilter; C:\Windows\system32\drivers\TIxHCIufilter.sys [23304 2015-02-11] (Texas Instruments, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [221696 2015-08-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [294912 2015-08-20] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 21:16 - 2018-08-14 21:16 - 000017042 _____ C:\Users\Merm\Desktop\FRST.txt
2018-08-14 21:16 - 2018-08-14 21:16 - 000000000 ____D C:\FRST
2018-08-14 21:12 - 2018-08-14 21:12 - 000112640 _____ (forum.viry.cz) C:\Users\Merm\Desktop\FRSTLauncher.exe
2018-08-14 21:02 - 2018-08-14 21:03 - 000000000 ____D C:\AdwCleaner
2018-08-14 21:01 - 2018-08-14 21:01 - 007417040 _____ (Malwarebytes) C:\Users\Merm\Desktop\adwcleaner_7.2.2.exe
2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\rsit
2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\Program Files\trend micro
2018-08-14 20:01 - 2018-08-14 20:01 - 002412544 _____ (Farbar) C:\Users\Merm\Desktop\FRST64.exe
2018-08-13 21:49 - 2018-08-13 21:49 - 000000000 ____D C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
2018-08-13 21:47 - 2018-08-14 19:57 - 000000000 ____D C:\ProgramData\McAfee
2018-08-12 20:28 - 2018-08-13 21:52 - 000000000 ____D C:\Users\Merm\Desktop\Pro Evičku
2018-08-12 20:27 - 2018-08-12 20:27 - 000000000 ____D C:\Users\Merm\AppData\Local\fs-uae
2018-08-12 19:58 - 2018-08-12 19:58 - 000000000 ____D C:\Users\Merm\AppData\Local\DOSBox
2018-08-11 06:07 - 2018-08-11 06:08 - 002139728 _____ C:\Users\Merm\Downloads\Windows Loader by DAZ v2.2.2 + WAT Fix(1).zip
2018-08-11 05:47 - 2018-08-11 06:40 - 000000412 __RSH C:\ProgramData\ntuser.pol
2018-07-22 21:03 - 2018-07-22 21:12 - 000000470 _____ C:\Users\Merm\Desktop\2050 227.mws
2018-07-22 21:03 - 2018-07-22 21:12 - 000000000 ____D C:\Users\Merm\Desktop\2050 227
2018-07-22 21:01 - 2018-07-22 21:01 - 000000009 _____ C:\Users\Merm\Desktop\227 2050.mpl
2018-07-22 20:49 - 2018-07-22 20:49 - 000000000 ____D C:\Users\Merm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiPing
2018-07-22 20:49 - 2018-07-22 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiPing
2018-07-22 20:47 - 2018-07-22 20:47 - 000000000 ____D C:\Users\Merm\AppData\Roaming\Downloaded Installations
2018-07-21 20:48 - 2018-07-21 20:48 - 000001024 _____ C:\.rnd
2018-07-21 20:48 - 2018-07-21 20:48 - 000000000 ____D C:\ProgramData\Paessler
2018-07-21 20:47 - 2018-07-21 20:47 - 000000000 ____D C:\Program Files\WinPcap
2018-07-21 20:43 - 2018-07-22 11:15 - 000000000 ____D C:\Program Files (x86)\PRTG Network Monitor
2018-07-21 20:43 - 2018-07-21 20:43 - 000000000 ____D C:\ProgramData\TEMP
2018-07-18 23:05 - 2018-07-18 23:05 - 040346536 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 040090152 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 035250624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 032360304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 031276296 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 025990104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 019081176 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 017782576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 016999360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-07-18 23:05 - 2018-07-18 23:05 - 015192816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 013727800 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 011272944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 003964328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 003497024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 002014144 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439811.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001562208 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001468272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439811.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001419200 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001216448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001157216 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 001092008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000904720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000627240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000544296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000517544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000420008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000142824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-07-18 23:05 - 2018-07-18 23:05 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-07-18 23:05 - 2018-07-18 23:05 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-07-18 23:05 - 2018-07-18 23:05 - 000000000 ____D C:\Windows\system32\unknown
2018-07-18 23:05 - 2018-07-18 23:05 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-07-18 23:04 - 2018-07-18 23:04 - 001059776 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2018-07-18 23:04 - 2018-07-18 23:04 - 000122816 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-07-18 23:03 - 2018-07-18 23:03 - 013687502 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-07-18 23:03 - 2018-07-18 23:03 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 006270160 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 006173640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-07-18 23:03 - 2018-07-18 23:03 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-07-18 23:03 - 2018-07-18 23:03 - 003632464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003452120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003417968 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003306776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003214672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003198528 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 003128768 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 002939728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 002197944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001787920 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001598352 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001516232 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001448736 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOv251gm.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001382192 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001337608 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001328360 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001266352 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001259696 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001178240 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001164584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOvlldpgm.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001159152 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001133560 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 001027608 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000999008 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000994648 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000964992 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000852104 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000751264 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000734736 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000715608 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000714432 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000692128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000604760 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000541072 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000511608 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000452696 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000448568 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000392840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000378352 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000366080 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000360312 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000332968 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000327240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000315944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000278240 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000266512 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000261200 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000261160 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000260176 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000230664 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-07-18 23:03 - 2018-07-18 23:03 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000218232 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000203808 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000174904 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000158664 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000157312 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000093872 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000088288 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000083592 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000075496 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-07-18 23:03 - 2018-07-18 23:03 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-07-18 23:02 - 2018-07-18 23:02 - 000905736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2018-07-18 23:02 - 2018-07-18 23:02 - 000067432 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-07-18 23:02 - 2018-07-18 23:02 - 000041480 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2018-07-18 23:01 - 2018-07-18 23:01 - 000201296 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2018-07-17 19:54 - 2018-07-17 19:54 - 000378072 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 21:15 - 2017-09-04 18:08 - 000000000 ____D C:\Users\Merm\AppData\LocalLow\Mozilla
2018-08-14 21:10 - 2011-04-12 10:34 - 000668866 _____ C:\Windows\system32\perfh005.dat
2018-08-14 21:10 - 2011-04-12 10:34 - 000141526 _____ C:\Windows\system32\perfc005.dat
2018-08-14 21:10 - 2009-07-14 07:13 - 001584554 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-14 21:10 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-08-14 21:05 - 2018-04-06 03:36 - 000000000 ____D C:\Users\Merm\AppData\Local\AVAST Software
2018-08-14 21:04 - 2017-09-04 17:54 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-14 21:04 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-14 20:55 - 2017-09-04 19:27 - 000000000 ____D C:\Users\Merm\AppData\Local\Battle.net
2018-08-14 20:24 - 2018-04-12 02:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-08-14 20:12 - 2009-07-14 06:45 - 000033152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-14 20:12 - 2009-07-14 06:45 - 000033152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-14 20:03 - 2017-09-13 14:28 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Merm)
2018-08-12 20:07 - 2018-05-14 10:58 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-08-12 20:07 - 2018-04-12 02:27 - 000002940 _____ C:\Windows\System32\Tasks\{1806E023-2CC0-451E-A684-301D123E0705}
2018-08-12 20:07 - 2017-10-08 15:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-08-12 20:07 - 2017-09-04 17:49 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-12 20:07 - 2017-09-04 17:49 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-12 19:59 - 2017-09-06 01:03 - 000000000 ____D C:\Users\Merm\AppData\Local\CrashDumps
2018-08-11 05:47 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-08-11 05:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-08-11 05:39 - 2017-09-04 18:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-11 05:39 - 2017-09-04 18:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-10 19:33 - 2017-09-04 17:49 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 19:33 - 2017-09-04 17:49 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-02 08:06 - 2009-07-14 07:08 - 000032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-01 21:23 - 2017-09-04 19:49 - 000000000 ____D C:\Users\Merm\AppData\Roaming\TS3Client
2018-07-25 20:08 - 2017-09-06 13:25 - 000000000 ____D C:\ProgramData\IObit
2018-07-25 05:33 - 2018-04-06 03:37 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-25 05:33 - 2018-04-06 03:37 - 000002386 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-23 22:00 - 2017-09-04 18:13 - 000467064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-07-18 23:06 - 2017-09-06 13:25 - 000001170 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2018-07-18 23:05 - 2017-11-09 05:33 - 023298224 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-07-18 23:05 - 2017-11-09 05:33 - 020323576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-07-18 23:05 - 2017-11-09 05:33 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-07-18 23:05 - 2017-11-09 05:32 - 015691144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-07-18 23:05 - 2017-11-09 05:32 - 004613600 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-07-18 23:05 - 2017-11-09 05:32 - 004081440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-07-18 23:05 - 2017-09-04 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-07-18 23:05 - 2017-09-04 17:54 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-07-18 23:05 - 2017-09-04 17:54 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-18 23:05 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-18 23:05 - 2017-09-04 17:52 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-18 23:04 - 2017-09-04 17:37 - 000118784 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2018-07-18 23:03 - 2017-11-09 06:01 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-07-18 23:03 - 2017-09-06 13:41 - 000000000 ____D C:\Windows\system32\DAX3
2018-07-18 23:03 - 2017-09-04 17:42 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-07-18 23:03 - 2017-09-04 17:42 - 000000000 ____D C:\Windows\system32\DAX2
2018-07-18 22:46 - 2017-09-06 13:27 - 000000000 ____D C:\ProgramData\ProductData
2018-07-18 22:46 - 2017-09-06 13:24 - 000000000 ____D C:\Users\Merm\AppData\Roaming\IObit
2018-07-17 19:54 - 2018-01-05 12:25 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-07-17 19:54 - 2017-11-14 19:35 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-07-17 19:54 - 2017-09-04 18:13 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-07-17 19:54 - 2017-09-04 18:12 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-07-17 19:54 - 2017-09-04 18:12 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-07-17 19:54 - 2017-09-04 18:12 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-07-17 19:54 - 2017-09-04 18:12 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-07-17 19:54 - 2017-09-04 18:12 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-07-17 19:54 - 2017-09-04 18:12 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-07-15 14:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======


Some files in TEMP:
====================
2017-11-17 09:18 - 2017-11-17 09:18 - 032922280 _____ (ArenaNet) C:\Users\Merm\AppData\Local\Temp\Gw2.exe
2018-05-08 21:43 - 2018-05-08 21:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-1010413858995765275.dll
2018-05-14 21:20 - 2018-05-14 21:20 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-1154549314514618286.dll
2018-05-14 20:59 - 2018-05-14 20:59 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-1259236505744015311.dll
2018-05-14 18:20 - 2018-05-14 18:20 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-1358881397049611187.dll
2018-05-14 21:21 - 2018-05-14 21:21 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-1536735778143263842.dll
2018-05-15 18:03 - 2018-05-15 18:03 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2426263256041759029.dll
2018-05-15 18:08 - 2018-05-15 18:08 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-255117942211454471.dll
2018-05-08 21:44 - 2018-05-08 21:44 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2636375222341690667.dll
2018-05-08 21:24 - 2018-05-08 21:24 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2709587303331189494.dll
2018-05-08 22:18 - 2018-05-08 22:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2719083996053686440.dll
2018-05-08 21:43 - 2018-05-08 21:43 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2806293159405911631.dll
2018-05-11 20:14 - 2018-05-11 20:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-2886331900028602234.dll
2018-05-15 18:04 - 2018-05-15 18:04 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-3014473539208731138.dll
2018-05-08 21:29 - 2018-05-08 21:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-3276822427436224992.dll
2018-05-14 21:03 - 2018-05-14 21:03 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4062900975833629440.dll
2018-05-10 18:49 - 2018-05-10 18:49 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-408153656019588170.dll
2018-05-15 19:08 - 2018-05-15 19:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4242451051887337289.dll
2018-05-11 20:15 - 2018-05-11 20:15 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4285905521138904607.dll
2018-05-08 22:18 - 2018-05-08 22:18 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4349492184721879503.dll
2018-05-10 18:49 - 2018-05-10 18:49 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4353597392211965797.dll
2018-05-18 19:09 - 2018-05-18 19:09 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4452523077630920028.dll
2018-05-15 19:25 - 2018-05-15 19:25 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4486548905620806741.dll
2018-05-08 22:27 - 2018-05-08 22:27 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-4831988306936289642.dll
2018-05-11 20:14 - 2018-05-11 20:14 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-5343995633319140236.dll
2018-05-15 19:08 - 2018-05-15 19:08 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-5731208821938229799.dll
2018-05-18 19:10 - 2018-05-18 19:10 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-5981092356337915945.dll
2018-05-08 22:20 - 2018-05-08 22:20 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-6167241470284965029.dll
2018-05-11 23:17 - 2018-05-11 23:17 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-6206765906579401729.dll
2018-05-15 18:03 - 2018-05-15 18:03 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-6510959734981595232.dll
2018-05-15 19:25 - 2018-05-15 19:25 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-6671471732549464737.dll
2018-05-08 22:18 - 2018-05-08 22:18 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-6736179751950499578.dll
2018-05-14 21:20 - 2018-05-14 21:20 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-7490570724543424433.dll
2018-05-10 17:56 - 2018-05-10 17:56 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-7516107550650225810.dll
2018-05-18 19:21 - 2018-05-18 19:21 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-7523623843682258702.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-7835455190256953549.dll
2018-05-14 18:20 - 2018-05-14 18:20 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-822435768636249452.dll
2018-05-08 22:18 - 2018-05-08 22:18 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8328492851971052956.dll
2018-05-10 17:55 - 2018-05-10 17:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8432692511811691162.dll
2018-05-08 21:29 - 2018-05-08 21:29 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8518629205124111686.dll
2018-05-14 18:30 - 2018-05-14 18:30 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8641727949040579797.dll
2018-05-15 18:08 - 2018-05-15 18:08 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8677787807858223391.dll
2018-05-08 22:20 - 2018-05-08 22:20 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-8766963517578448627.dll
2018-05-10 17:55 - 2018-05-10 17:55 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-9130340250464122263.dll
2018-05-08 22:32 - 2018-05-08 22:32 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-9134846494070635210.dll
2018-05-08 22:26 - 2018-05-08 22:26 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-9214539923676509363.dll
2018-05-14 21:09 - 2018-05-14 21:09 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Merm\AppData\Local\Temp\jansi-64-958423851215493311.dll
2010-01-11 10:54 - 2010-01-11 10:54 - 000149352 ____R (Microsoft Corporation) C:\Users\Merm\AppData\Local\Temp\ose00000.exe
2017-10-08 13:00 - 2017-10-08 13:00 - 001066336 _____ (Microsoft Corporation) C:\Users\Merm\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-08 10:56

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:223.02 GB) (Free:64.44 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:698.87 GB) NTFS
\\?\Volume{0ea20eea-00ec-4df4-ba5f-c47041e2dd82}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS

Available physical RAM: 12970.23 MB
Total physical RAM: 16336.94 MB
Percentage of memory in use: 20%

==================== MBR and Partition Table ==================

Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Merm\Desktop" je 164 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount
"D:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess in the PC

#6 Post by Windi »

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Merm (14-08-2018 21:16:45)
Running from C:\Users\Merm\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-09-04 15:30:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3068495315-2313553650-1538864807-500 - Administrator - Disabled)
Guest (S-1-5-21-3068495315-2313553650-1538864807-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3068495315-2313553650-1538864807-1002 - Limited - Enabled)
Merm (S-1-5-21-3068495315-2313553650-1538864807-1000 - Administrator - Enabled) => C:\Users\Merm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Aktualizace NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.100 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
C&C:Online (HKLM-x32\...\{1298F091-2180-4779-BDA0-1176247252D0}) (Version: 2.0.7 - Revora)
Crusader Kings 2, версия 1.8.1.1 (HKLM-x32\...\{A75C2636-A74D-43DB-90DD-FAF498301199}_is1) (Version: 1.8.1.1 - Crusader Kings 2)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Driver Booster 4.5 (HKLM-x32\...\Driver Booster_is1) (Version: 4.5.0 - IObit)
Europa Universalis IV (HKLM-x32\...\Europa Universalis IV_is1) (Version: 1.25.0 - )
Europa.Universalis.IV.v1.22.0.Incl.Third.Rome.DLC.Repack verze 1.22.0 (HKLM-x32\...\{C3C65A35-CB28-4220-AEF7-946BD52D991D}}_is1) (Version: 1.22.0 - Ali213.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP Deskjet 1050 J410 series Nápověda (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.1 - PandoraTV)
MegaTrainer Ultimate version 1.4.8.1 (HKLM-x32\...\{68A5CFDB-E05C-46BC-B2EB-988D1E2C2444}_is1) (Version: 1.4.8.1 - MegaDev)
Microsoft .NET Framework 4.7.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 61.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 61.0.2 (x64 cs)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MultiPing (HKLM-x32\...\MultiPing) (Version: 1.0 - Nessoft, LLC)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.2 - Notepad++ Team)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\...\OpenIV) (Version: 2.9.2.932 - .black/OpenIV Team)
Ovládací panel NVIDIA 398.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.11 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.0.1.18336 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\{93fd0fda-44be-4ef3-9edd-7fad9f187032}) (Version: 3.0.1.18336 - Grinding Gear Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.8 - Rockstar Games)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stellaris Apocalypse (HKLM-x32\...\Stellaris Apocalypse_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.9 - Tunngle.net GmbH)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
Základní software zařízení HP Deskjet 1050 J410 series (HKLM\...\{A3E36A5A-8306-42AD-8A0A-EB252823D987}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Program Files\Notepad++\NppShell_06.dll [2017-11-27] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-17] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-01] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-07-17] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01918ACD-5C4B-40D8-8AD5-934C02B0085E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {307E6337-F02B-4EBA-B20B-66CC933DC916} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-22] (NVIDIA Corporation)
Task: {398C9F73-532B-466D-A056-CD71943F2D63} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {5E49E31F-7A3A-4F88-9662-737A699F80DC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-22] (NVIDIA Corporation)
Task: {668282F1-0B80-41F2-B623-D396D1D0A74E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-07-17] (AVAST Software)
Task: {6E70698D-04D1-4CDE-8475-950BDE3498F3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {738B77A8-36F9-4A0D-A29F-828B7672F5A8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {80EA8397-069D-428C-9C09-8309B279CCCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-04] (Google Inc.)
Task: {8A2422BA-3DE0-46A4-9617-60C7FCFE7A67} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-13] (AVAST Software)
Task: {8D8AE40E-869C-482B-888B-9E087DEF3113} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-06] (AVAST Software)
Task: {92504615-3DFF-4A3D-B7B3-3B68A9E5E68B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {A91287E2-C137-4DBF-A5A5-FED63279F279} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-22] (NVIDIA Corporation)
Task: {B55D7E29-241D-4304-A2EC-4251038A861B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-04] (Google Inc.)
Task: {D246A2E0-9E88-461E-B005-D74AF06FE038} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)
Task: {D7433C2D-818A-4DF6-8CB2-C4C49C3580CE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-10-08] ()
Task: {DC9C774F-06AD-4F1B-A0CD-ED789AAA0C66} - System32\Tasks\Driver Booster SkipUAC (Merm) => D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe [2017-07-28] (IObit)
Task: {DF8CCD21-80B3-4E34-A42E-3E0BBD6A4116} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E1001D79-7160-4AD8-8641-4A447312F8A2} - System32\Tasks\{1806E023-2CC0-451E-A684-301D123E0705} => D:\Downloads\Warcraft-III-Setup (3).exe
Task: {E994338D-3921-4B10-9590-B2DBB4CFE538} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-06] (AVAST Software)
Task: {FE611793-56EB-4819-95E2-CEB8A36577C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-27 02:36 - 2017-11-27 02:36 - 000230064 _____ () D:\Program Files\Notepad++\NppShell_06.dll
2018-08-10 19:33 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 19:33 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-14 19:57 - 2018-08-14 19:57 - 005654160 _____ () C:\Program Files\AVAST Software\Avast\defs\18081400\algo.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-13 15:15 - 2018-03-13 15:15 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-07-17 19:54 - 2018-07-17 19:54 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-08-07 01:09 - 2015-08-07 01:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Merm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 81.19.33.2 - 81.19.34.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "D:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6105D14-9860-47AD-9E1E-3F1903AA0A11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DA803C99-1DF8-4AB5-8B3C-7A0FB3260FDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5E4F8E2B-95E1-46AC-B86C-372AF9BE032D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{20702155-EED7-43A7-B784-39FF702C1E6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85B60742-1FAF-4805-9176-4D7196B64365}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{308173A1-ACC6-41E0-AA9F-6263A2374CCA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{91339751-9CB3-4EA9-97C9-2A7007483F31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9EE63296-F746-490C-B858-8D0E8D96D174}D:\program files\utorrent\utorrent.exe] => (Allow) D:\program files\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D4B7FC8C-6719-45C0-83AC-85F935D0CFCC}D:\program files\utorrent\utorrent.exe] => (Allow) D:\program files\utorrent\utorrent.exe
FirewallRules: [{6D50C9C2-0DD1-473A-A192-88CDD020BD10}] => (Allow) C:\Users\Merm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E74DB15D-9F64-4D72-9AD3-33E9AB1261CF}] => (Allow) C:\Users\Merm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D76B79D5-04A9-4BDB-B3FF-5027031DABE8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7D56EEAD-7C4F-4F49-9F15-43D682D097DD}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1B854293-5437-47B8-A01A-6EA180BF6E19}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F9ADC15-4132-4CF2-AFB4-DF1E2EAAD36E}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{66F9812D-67F3-40A8-A94C-D6C6FD58E254}D:\games\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{319A6876-9FB6-4C7A-9647-8646218C246C}D:\games\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{AECF8427-4362-46E4-BB99-4FE9039700B8}] => (Allow) D:\Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{7B39764F-03DC-4783-9789-FB04EF93F816}] => (Allow) D:\Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{9501EB46-EC15-4A55-BFAE-831CE35BE0A2}D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{4964412F-BAB1-4E48-BE01-BCBDA0ECE369}D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{B10FB39E-21BA-4E8D-8A2F-7DF82AA4E1ED}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{502D04BF-6F1A-4CB4-B8BA-C7D7DCBD77F8}D:\games\diablo iii\x64\diablo iii64.exe] => (Allow) D:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [{270276FE-9DBE-4889-B3BE-9559DCC39E04}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{6932EE32-071D-4D9C-B327-90EB4D9CCB63}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{2A43DF8D-3B91-4651-9080-69E58C66413D}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{2D8B3481-A5F1-4DD0-B010-431E760816AD}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{C855F517-D751-4344-9FF1-1122F72C4491}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{D242BEA5-0E7C-42BA-B87A-0BA98F8588C9}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [TCP Query User{576A581B-3922-4F09-9B0E-5C787AD94D35}D:\games\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4A71B696-7ABB-4D80-BFB8-1193FDF4DB3D}D:\games\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3E77134A-DCBE-4883-AEB7-DCB2DB7A0A83}D:\games\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4DF185E5-99EF-4349-90CA-AE4D87C6F861}D:\games\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [{28A3A868-5C26-4487-8042-141ECB50A83F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{B277A54C-7282-4791-8496-83A332F61365}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [TCP Query User{69F1AC14-2242-4463-B101-6E816E7B16A1}D:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{FB6A74BE-7FEC-48E8-8B72-997937FB6911}D:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\total war warhammer ii\warhammer2.exe
FirewallRules: [{0DEDFD80-6F4E-42A4-A2FC-20D93386E756}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{C7878C0C-894C-4AD9-9B7C-75F64B881E9E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe
FirewallRules: [{CF6A8C6C-786A-4E44-866B-26BC0F402381}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4CD5BEAA-870F-4AFA-85F4-C14DEC43A544}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{71BAC5BA-81A8-41FD-A4FE-4301F47F37CA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{259A2841-3AD2-4827-A553-65FB2A1EAA35}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{D1F97B1C-327F-41C8-8833-C090E94656FE}D:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{2E472F56-8247-4644-BF55-1E79670C3BE1}D:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [TCP Query User{08DE0B7D-16F7-4E1B-9444-AD3606FC9458}D:\games\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A25A07B5-7191-4FA6-B9D7-4EA6A416EDBF}D:\games\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A20CC180-C081-415F-9CBB-945FD36A74F6}D:\program files (x86)\steam\steamapps\common\sven co-op\svencoop.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\sven co-op\svencoop.exe
FirewallRules: [UDP Query User{6746B8A4-91E3-4117-B1AB-E7916BFA6371}D:\program files (x86)\steam\steamapps\common\sven co-op\svencoop.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\sven co-op\svencoop.exe
FirewallRules: [{3A4EB8F2-FC31-4274-823C-2EE68D77E45F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{B561F1A7-FCF2-4C0A-A8D2-F9F0907ECAAE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{DDF857CB-D978-4326-B314-E91D06C912A1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe
FirewallRules: [{BA39509E-417A-4E61-8355-4DF7ECB66BC7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe
FirewallRules: [TCP Query User{946E629C-5E01-4AB8-BC60-000AB75D793F}D:\games\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{35DCA50D-0633-4C45-8C69-0CDC5680F287}D:\games\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F64C3D68-B531-49B7-82D7-27505F2311AE}D:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{6718D089-EB78-43C3-96A9-1372DE28E656}D:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{75A45795-B06C-4C78-8575-7CCD2725D35E}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{A74F668F-F480-440B-AA9E-2711FE54280C}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C1C7393E-4319-4AE7-8FDD-C7150130063A}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{28C05954-726D-4FBF-8014-5549E8C46E20}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [TCP Query User{1DD94006-3E83-47A4-B600-BC938E8FA5F1}D:\games\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A881A4F3-E351-4963-9702-452FEE3C0BDB}D:\games\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CE3DAE8A-E61C-4604-9B88-ABD372974E07}D:\games\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5B2D1AE7-BD47-451E-9192-F5B4658B8935}D:\games\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{587FB730-C4A2-42D8-863F-2F69B99C4656}D:\games\starcraft ii\versions\base59587\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base59587\sc2_x64.exe
FirewallRules: [UDP Query User{340E3B2C-83D2-49A9-851B-04CD10DBD3D5}D:\games\starcraft ii\versions\base59587\sc2_x64.exe] => (Allow) D:\games\starcraft ii\versions\base59587\sc2_x64.exe
FirewallRules: [TCP Query User{CEF95A0B-3BDC-43ED-AAA0-18891015D1B8}D:\program files (x86)\steam\steamapps\common\natural selection 2\x64\ns2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\natural selection 2\x64\ns2.exe
FirewallRules: [UDP Query User{1EFBF151-4F9E-441E-A75A-5FC24059B3EA}D:\program files (x86)\steam\steamapps\common\natural selection 2\x64\ns2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\natural selection 2\x64\ns2.exe
FirewallRules: [TCP Query User{E8131330-93F0-480A-8C70-1545482862D9}D:\games\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{81AED6A3-BCD6-4C62-8B8A-1A121992627C}D:\games\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59799\heroesofthestorm_x64.exe
FirewallRules: [{60FDE553-C348-4A84-AAE1-471985D60977}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\Thea.exe
FirewallRules: [{1DCBDB76-F71E-43BC-9054-F68DAE9C88A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\Thea.exe
FirewallRules: [{92CED1FC-020B-4429-B911-C9CDE5D169A5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{46A31FC2-BB10-4768-9C36-7096A41365EF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [TCP Query User{B2D51641-EC89-4BE7-BB7D-DF9A64147759}D:\games\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{046FB7E7-C03F-4C95-90A3-69249F7E1270}D:\games\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{54321714-D94A-4F55-9BF7-81732DFD596F}D:\games\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{251F994C-3118-4275-A202-1E9C2138725B}D:\games\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4BEE0CBF-3547-4AE1-B650-AB0DE6AD938C}D:\games\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{F5C8AF8F-379D-4AB5-9321-AF00F78BBD3E}D:\games\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60632\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BF59FE1A-F9CB-409B-A2F4-EABE677EB116}D:\games\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AA05AB07-254F-4D3C-B92F-0453886C9FC3}D:\games\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base60821\heroesofthestorm_x64.exe
FirewallRules: [{B5DD8BF5-9D84-4869-ABC3-31B11F00DC72}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\quakechampions\client\bin\pc\QuakeChampions.exe
FirewallRules: [{ECA06538-4F82-4CED-AE6E-55DF3D35F6A1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\quakechampions\client\bin\pc\QuakeChampions.exe
FirewallRules: [{F4DB6A23-7748-4309-8B48-D12F30DAE3C8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{A1470CFE-BD4B-452B-B82E-C0C529FEBC40}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{7E34EB1D-F958-4D77-A877-95E65026E717}D:\games\heroes of the storm\versions\base61129\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61129\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ACC513BA-87F8-4066-9A1C-305F49E100E4}D:\games\heroes of the storm\versions\base61129\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61129\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3FDA4362-112C-4A3C-9688-40AD20D0C504}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{2BFE2F30-268F-49A6-8D23-A13EBBAD156E}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{642DB5C8-9392-4599-B8E7-4188A0ECAEA3}D:\games\heroes of the storm\versions\base61361\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61361\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{862B561E-5104-439B-A6F4-76F22B8290AC}D:\games\heroes of the storm\versions\base61361\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61361\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D672577E-8ACB-4873-9088-39A671A0786C}D:\games\heroes of the storm\versions\base61552\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61552\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B5359EC1-D875-4C32-8E81-8F3A7E3099EE}D:\games\heroes of the storm\versions\base61552\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61552\heroesofthestorm_x64.exe
FirewallRules: [{E56D672C-DB45-4782-AD9A-D1536CFDA7A5}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{A49B8DC7-4528-4D3D-B538-D5049DFD6949}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{F78F74EB-E5A5-4744-9383-AFBC6223F950}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{7A1C6891-0E22-44FA-B6AF-8719561BE9BB}D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{C6D86F23-5B6D-475F-896C-5279269C114F}D:\games\heroes of the storm\versions\base61952\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61952\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{175ACAB2-E066-47E6-8287-8D53489895AE}D:\games\heroes of the storm\versions\base61952\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base61952\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{50E0A064-1B5B-4609-BA08-6D685735EA71}D:\games\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{272E3B03-255E-44AC-A564-2D2E322D2B63}D:\games\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62119\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{8F07C000-822B-41CA-AC51-45516CA2B6F1}D:\games\heroes of the storm\versions\base62212\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62212\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5C1EC5CD-403F-4C1F-A2FA-08A810A26C70}D:\games\heroes of the storm\versions\base62212\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62212\heroesofthestorm_x64.exe
FirewallRules: [{BC4D5F56-7541-4949-9FF8-2D75BF6016A3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Command and Conquer Red Alert 3\runme.exe
FirewallRules: [{FF11E12A-5CBD-4EDD-8F8D-D660DF746415}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Command and Conquer Red Alert 3\runme.exe
FirewallRules: [TCP Query User{6EF4FB7F-62CA-4234-99B8-F3ED40250C0C}D:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game] => (Allow) D:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game
FirewallRules: [UDP Query User{0FAC6400-5F92-4029-B0C6-F2A2C817DBA3}D:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game] => (Allow) D:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\data\ra3_1.12.game
FirewallRules: [TCP Query User{80731C82-00FF-4DA2-AC59-C088ADEA0BD5}D:\games\heroes of the storm\versions\base62424\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62424\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{85B40A12-9479-4198-ADC0-A805B910F74F}D:\games\heroes of the storm\versions\base62424\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base62424\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3BDEB5D4-F5A8-42C5-876D-88F40B741A6B}D:\whatever\cd\warcraft\warcraft\war3.exe] => (Allow) D:\whatever\cd\warcraft\warcraft\war3.exe
FirewallRules: [UDP Query User{5CDBA326-CA04-47EE-9C14-0D64E1109202}D:\whatever\cd\warcraft\warcraft\war3.exe] => (Allow) D:\whatever\cd\warcraft\warcraft\war3.exe
FirewallRules: [TCP Query User{7DBF7761-70EF-4EB7-958D-EE6597E9DB73}D:\whatever\cd\warcraft\warcraft\warcraft iii.exe] => (Allow) D:\whatever\cd\warcraft\warcraft\warcraft iii.exe
FirewallRules: [UDP Query User{1B07977A-070F-4819-8461-209EB08F8662}D:\whatever\cd\warcraft\warcraft\warcraft iii.exe] => (Allow) D:\whatever\cd\warcraft\warcraft\warcraft iii.exe
FirewallRules: [{30FA7A7E-558F-4700-90A0-73F7A56D9159}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe
FirewallRules: [{15257F56-2781-439E-AC21-689F60BC8854}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe
FirewallRules: [TCP Query User{66902743-35E4-40A9-A1B1-38823333119C}D:\games\heroes of the storm\versions\base63635\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base63635\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7681D07C-74F6-4E2D-8CCC-F9D2CBF40F0D}D:\games\heroes of the storm\versions\base63635\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base63635\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{88182815-3DAF-4269-8FA7-123860A93429}D:\games\warcraft iii\warcraft iii.exe] => (Allow) D:\games\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{36958857-4529-4926-B45A-EECAF2391FC9}D:\games\warcraft iii\warcraft iii.exe] => (Allow) D:\games\warcraft iii\warcraft iii.exe
FirewallRules: [{E18F46C4-CDC9-4F65-A872-A8A9D96FF443}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{266022B5-B606-42B8-9F27-D22BE60C88E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E40C1F5F-7D78-497D-9646-8E16FB37B2F6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{C46D0F27-63E0-43CE-B6EF-27EEB2845471}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{A5ECB548-33E5-493F-A1D6-C08250FF9841}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe
FirewallRules: [{3A2561AB-44A5-4726-95E0-204621507902}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe
FirewallRules: [TCP Query User{474D8195-8A28-4F6C-8D8B-0BB415109A7B}C:\program files (x86)\common files\oracle\java\javapath_target_31836543\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_31836543\java.exe
FirewallRules: [UDP Query User{546A282D-B815-4491-BE07-0DC891F4BB2D}C:\program files (x86)\common files\oracle\java\javapath_target_31836543\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_31836543\java.exe
FirewallRules: [TCP Query User{21ACAA9B-0C3F-4877-8F9B-3446243D6175}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{E85CC8B4-8E65-441A-80B2-3DE2E492B26C}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [{D7EBC8DA-55F4-4DA4-848C-DBB80CAD4CF4}] => (Allow) LPort=25565
FirewallRules: [{DB73CA35-DDC0-4264-830E-C74BA0471133}] => (Allow) LPort=25565
FirewallRules: [{66739122-9100-4864-817D-5A662A2C62CC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{7B378B52-C55D-4B18-95DF-70C1BBFD5F00}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{4EA0D9FE-FB2B-479A-B973-EEF778072B6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{81789CA9-170A-4900-AA28-5CCC2D636BC9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{74355DB9-3F5C-4245-8556-D6198F65A6B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{FB62C05F-DD07-4872-9DFC-23C47B2D4017}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{07F5CBAB-5F37-43AC-9C43-B1157D42DF6B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{6E5FBC37-5A5E-4245-967A-D8A5CC1F4F48}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{4929167B-65B5-4A7E-BDB4-B361A36C9C3D}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{1BBC7469-C983-42CF-A310-2FBF394DB4B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D606B10E-1B63-498D-A73D-563BDF505212}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{B32743F0-A4AC-4C5F-B155-05AA1AE63200}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{0FD1C913-F5B4-4727-A408-1B28D74B2EA3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{2D3AAD01-E63F-4CE0-8003-8F6028E24508}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{13077706-A8DC-4184-BF73-CF2EE0B6AE6E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe
FirewallRules: [{8C648D62-AEA2-4465-A371-73030D073876}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{029091A3-5DEA-4321-8AEF-B709E3861F09}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [TCP Query User{8C5D110E-DBA3-44E8-B3F2-3C6F48F041FF}D:\program files (x86)\steam\steamapps\common\wolcen\win_x64\wolcen.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\wolcen\win_x64\wolcen.exe
FirewallRules: [UDP Query User{95C4142C-3940-4EFC-A0A7-9F681660A7CB}D:\program files (x86)\steam\steamapps\common\wolcen\win_x64\wolcen.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\wolcen\win_x64\wolcen.exe
FirewallRules: [TCP Query User{316D43C9-9478-42D6-B3F1-D09E5FC22806}D:\games\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D47C865E-0A3E-484D-8824-05131865F424}D:\games\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base65846\heroesofthestorm_x64.exe
FirewallRules: [{83BC747A-EE22-4507-A54B-CE2A41D69021}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{382D1FBB-E830-4636-B999-2F573BEBE971}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{CB18BE35-3445-4A84-8CC7-589DF140AB7A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{FAC3BD82-2E35-4D12-B361-C8834AEC0D08}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe
FirewallRules: [{BD12C662-D615-444C-AF8F-DC1A682BD25F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{D9177F28-0F92-4E5A-83E1-66AFA7924A6C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [TCP Query User{678E07EC-A358-4CD8-8671-B5A35C13703E}D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3F3D9FA8-4E93-4AFF-90D1-52E7F9F15A2B}D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0F93D101-1B85-43F5-BA96-B10BC293825E}D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{727D838E-A22A-4525-9563-483151BBD0DE}D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [{89BEAFA1-74DC-49F9-8CF0-561EF7E985F7}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F5FD41B8-C534-480E-8C0B-DF507508744C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [TCP Query User{3A145C2C-8D09-492C-816D-A64B97505C85}D:\program files\utorrent\utorrent.exe] => (Allow) D:\program files\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2020D703-978A-4A95-81DF-7B4F7BFFA559}D:\program files\utorrent\utorrent.exe] => (Allow) D:\program files\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E812864B-EB24-481E-A006-8DCE191820CE}C:\quick games\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\quick games\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{F99DD956-CD51-4504-BB6D-8C955642FBAE}C:\quick games\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\quick games\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [{DBF010B6-17D1-48FA-9530-BF4AEC0EF594}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{0033E51F-32EF-4C4A-8432-6670AA9B4DA8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{648964FA-8941-4C4C-A189-97EC023D37F0}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{E6139E14-6E0C-4A0D-9605-776B019FD2EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{6ECB9205-D8FC-4687-99D8-710C4B0BB9C9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{B65087DF-0240-431E-AFD8-D3425A34D86F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-07-2018 23:01:05 Driver Booster : Intel(R) 100 Series/C230 Chipset Family SATA AHCI Controller
08-08-2018 11:03:00 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: ASMedia USB Root Hub
Description: ASMedia USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2018 09:04:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/14/2018 08:41:41 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (08/14/2018 08:08:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (08/14/2018 07:57:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/13/2018 09:41:41 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (08/13/2018 08:41:41 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (08/13/2018 08:24:48 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadaný účet již existuje.

Error: (08/13/2018 08:14:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/14/2018 09:04:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (08/14/2018 09:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (08/14/2018 09:03:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/14/2018 09:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Telemetry Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (08/14/2018 09:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (08/14/2018 09:03:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/14/2018 07:57:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (08/13/2018 10:06:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16336.94 MB
Available physical RAM: 12970.23 MB
Total Virtual: 32672.04 MB
Available Virtual: 28633.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.02 GB) (Free:64.44 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:698.87 GB) NTFS

\\?\Volume{0ea20eea-00ec-4df4-ba5f-c47041e2dd82}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#7 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\Program Files (x86)\Revora
    File: C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
    File: D:\Program Files (x86)\Tunngle\TnglCtrl.exe 
    CMD: echo %PATH%
    
    HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\...\MountPoints2: {3ff902b2-a334-11e7-9703-d8cb8ac644e2} - E:\setup.exe
    IFEO\CNC3.exe: [Debugger] 
    IFEO\CNC3EP1.exe: [Debugger] 
    IFEO\generals.exe: [Debugger] 
    IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps://www.google.com/"
    2018-08-14 21:12 - 2018-08-14 21:12 - 000112640 _____ (forum.viry.cz) C:\Users\Merm\Desktop\FRSTLauncher.exe
    2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\rsit
    2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\Program Files\trend micro
    2018-08-13 21:47 - 2018-08-14 19:57 - 000000000 ____D C:\ProgramData\McAfee
    2018-08-14 20:03 - 2017-09-13 14:28 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Merm)
    2018-07-25 20:08 - 2017-09-06 13:25 - 000000000 ____D C:\ProgramData\IObit
    2018-07-18 23:06 - 2017-09-06 13:25 - 000001170 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
    2018-07-18 22:46 - 2017-09-06 13:24 - 000000000 ____D C:\Users\Merm\AppData\Roaming\IObit
    
    Task: {D7433C2D-818A-4DF6-8CB2-C4C49C3580CE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-10-08] ()
    Task: {DC9C774F-06AD-4F1B-A0CD-ED789AAA0C66} - System32\Tasks\Driver Booster SkipUAC (Merm) => D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe [2017-07-28] (IObit)
    Task: {E1001D79-7160-4AD8-8641-4A447312F8A2} - System32\Tasks\{1806E023-2CC0-451E-A684-301D123E0705} => D:\Downloads\Warcraft-III-Setup (3).exe
    FirewallRules: [{270276FE-9DBE-4889-B3BE-9559DCC39E04}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
    FirewallRules: [{6932EE32-071D-4D9C-B327-90EB4D9CCB63}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
    FirewallRules: [{2A43DF8D-3B91-4651-9080-69E58C66413D}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
    FirewallRules: [{2D8B3481-A5F1-4DD0-B010-431E760816AD}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
    FirewallRules: [{C855F517-D751-4344-9FF1-1122F72C4491}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
    FirewallRules: [{D242BEA5-0E7C-42BA-B87A-0BA98F8588C9}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
    
    C:\Windows\AutoKMS\AutoKMS.exe
    C:\Program Files\IObit
    C:\Program Files (x86)\IObit
    C:\Program Files\Common Files\IObit
    C:\ProgramData\IObit
    C:\ProgramData\ProductData
    C:\Users\Merm\AppData\Roaming\IObit
    C:\Users\Merm\AppData\LocalLow\IObit
    C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
    C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
    C:\Users\Default\AppData\Roaming\IObit
    C:\Users\Default\AppData\LocalLow\IObit
    C:\Users\Public\Desktop\*Driver Booster*
    C:\Users\Public\Desktop\*Advanced SystemCare*
    C:\Windows\IObit
    C:\Windows\Tasks\ImCleanDisabled
    C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the restart there will be a Fixlog.txt file on the desktop; copy its contents here
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#8 Post by Windi »

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Merm (14-08-2018 22:09:49) Run:1
Running from C:\Users\Merm\Desktop
Loaded Profiles: Merm (Available Profiles: Merm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\Program Files (x86)\Revora
File: C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
File: D:\Program Files (x86)\Tunngle\TnglCtrl.exe
CMD: echo %PATH%

HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\...\MountPoints2: {3ff902b2-a334-11e7-9703-d8cb8ac644e2} - E:\setup.exe
IFEO\CNC3.exe: [Debugger]
IFEO\CNC3EP1.exe: [Debugger]
IFEO\generals.exe: [Debugger]
IFEO\RA3.exe: [Debugger] C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
GroupPolicy: Restriction ? <==== ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
2018-08-14 21:12 - 2018-08-14 21:12 - 000112640 _____ (forum.viry.cz) C:\Users\Merm\Desktop\FRSTLauncher.exe
2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\rsit
2018-08-14 20:02 - 2018-08-14 20:02 - 000000000 ____D C:\Program Files\trend micro
2018-08-13 21:47 - 2018-08-14 19:57 - 000000000 ____D C:\ProgramData\McAfee
2018-08-14 20:03 - 2017-09-13 14:28 - 000002882 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Merm)
2018-07-25 20:08 - 2017-09-06 13:25 - 000000000 ____D C:\ProgramData\IObit
2018-07-18 23:06 - 2017-09-06 13:25 - 000001170 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2018-07-18 22:46 - 2017-09-06 13:24 - 000000000 ____D C:\Users\Merm\AppData\Roaming\IObit

Task: {D7433C2D-818A-4DF6-8CB2-C4C49C3580CE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-10-08] ()
Task: {DC9C774F-06AD-4F1B-A0CD-ED789AAA0C66} - System32\Tasks\Driver Booster SkipUAC (Merm) => D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe [2017-07-28] (IObit)
Task: {E1001D79-7160-4AD8-8641-4A447312F8A2} - System32\Tasks\{1806E023-2CC0-451E-A684-301D123E0705} => D:\Downloads\Warcraft-III-Setup (3).exe
FirewallRules: [{270276FE-9DBE-4889-B3BE-9559DCC39E04}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{6932EE32-071D-4D9C-B327-90EB4D9CCB63}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{2A43DF8D-3B91-4651-9080-69E58C66413D}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{2D8B3481-A5F1-4DD0-B010-431E760816AD}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{C855F517-D751-4344-9FF1-1122F72C4491}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{D242BEA5-0E7C-42BA-B87A-0BA98F8588C9}] => (Allow) D:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe

C:\Windows\AutoKMS\AutoKMS.exe
C:\Program Files\IObit
C:\Program Files (x86)\IObit
C:\Program Files\Common Files\IObit
C:\ProgramData\IObit
C:\ProgramData\ProductData
C:\Users\Merm\AppData\Roaming\IObit
C:\Users\Merm\AppData\LocalLow\IObit
C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*
C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*
C:\Users\Default\AppData\Roaming\IObit
C:\Users\Default\AppData\LocalLow\IObit
C:\Users\Public\Desktop\*Driver Booster*
C:\Users\Public\Desktop\*Advanced SystemCare*
C:\Windows\IObit
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\Program Files (x86)\Revora ========================

2018-02-16 19:25 - 2018-02-16 19:25 - 000000000 ____D [00000000000000000000000000000000] () C:\Program Files (x86)\Revora\CNCOnline
2014-12-29 20:06 - 2014-12-29 20:06 - 000016896 ____A [1BD5176B69ED63B53799205E68BF3045] (Revora) C:\Program Files (x86)\Revora\CNCOnline\cnconline.dll
2014-12-29 20:06 - 2014-12-29 20:06 - 000972800 ____A [CC6F1C5A22FBB82B008BCD3CE8714211] (Revora) C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
2009-03-07 14:02 - 2009-03-07 14:02 - 000098304 ____A [86A7B1535194628A2B5859AED61EF0F8] () C:\Program Files (x86)\Revora\CNCOnline\EasyHook32.dll
2014-12-29 20:06 - 2014-12-29 20:06 - 000008192 ____A [ACA97D44C992EAF3C2FA2ED6C4CC713A] (Revora) C:\Program Files (x86)\Revora\CNCOnline\EReg.exe
2014-12-29 20:06 - 2014-12-29 20:06 - 000014336 ____A [A3930404F315F483AFE94B01EF1C8607] (Revora) C:\Program Files (x86)\Revora\CNCOnline\ifeo.exe
2014-04-20 19:25 - 2014-04-20 19:25 - 000535008 ____A [3E29914113EC4B968BA5EB1F6D194A0A] (Microsoft Corporation) C:\Program Files (x86)\Revora\CNCOnline\msvcp110.dll
2014-04-20 19:25 - 2014-04-20 19:25 - 000875472 ____A [4BA25D2CBE1587A841DCFB8C8C4A6EA6] (Microsoft Corporation) C:\Program Files (x86)\Revora\CNCOnline\msvcr110.dll
2013-09-12 17:12 - 2013-09-12 17:12 - 000943616 ____A [E796C2EC3D27460629759CD618EA0A48] (winsparkle.org) C:\Program Files (x86)\Revora\CNCOnline\WinSparkle.dll

====== End of Folder: ======


========================= File: C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe ========================

C:\Program Files (x86)\Revora\CNCOnline\cnconline.exe
File not signed
MD5: CC6F1C5A22FBB82B008BCD3CE8714211
Creation and modification date: 2014-12-29 20:06 - 2014-12-29 20:06
Size: 000972800
Attributes: ----A
Company Name: Revora
Internal Name: cnconline
Original Name: cnconline.exe
Product: C&C:Online
Description: C&C:Online Launcher
File Version: 2.0.7
Product Version: 2.0.7
Copyright: Copyright (C) 2014 Philippe Baumann
VirusTotal: https://www.virustotal.com/file/8d15f2c ... 523918712/

====== End of File: ======


========================= File: D:\Program Files (x86)\Tunngle\TnglCtrl.exe ========================

D:\Program Files (x86)\Tunngle\TnglCtrl.exe
File not signed
MD5: BA48236FFCFF9E9905D76EC041C336A0
Creation and modification date: 2017-03-14 18:45 - 2017-06-30 14:07
Size: 000873968
Attributes: ----A
Company Name: Tunngle.net GmbH
Internal Name: TunngleService
Original Name: TnglCtrl.exe
Product: Tunngle Network Service
Description: Tunngle Service
File Version: 5.8.9.0
Product Version: Release
Copyright: Copyright © Tunngle.net GmbH. All rights reserved.
VirusTotal: https://www.virustotal.com/file/d8ab8b6 ... 533654076/

====== End of File: ======


========= echo %PATH% =========

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common

========= End of CMD: =========

"HKU\S-1-5-21-3068495315-2313553650-1538864807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ff902b2-a334-11e7-9703-d8cb8ac644e2}" => removed successfully
HKLM\Software\Classes\CLSID\{3ff902b2-a334-11e7-9703-d8cb8ac644e2} => not found
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CNC3.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CNC3EP1.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\generals.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RA3.exe" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"Chrome StartupUrls" => removed successfully
C:\Users\Merm\Desktop\FRSTLauncher.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Merm) => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Users\Public\Desktop\Driver Booster 4.lnk => moved successfully
C:\Users\Merm\AppData\Roaming\IObit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D7433C2D-818A-4DF6-8CB2-C4C49C3580CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7433C2D-818A-4DF6-8CB2-C4C49C3580CE}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC9C774F-06AD-4F1B-A0CD-ED789AAA0C66}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC9C774F-06AD-4F1B-A0CD-ED789AAA0C66}" => removed successfully
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (Merm)" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Merm)" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1001D79-7160-4AD8-8641-4A447312F8A2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1001D79-7160-4AD8-8641-4A447312F8A2}" => removed successfully
C:\Windows\System32\Tasks\{1806E023-2CC0-451E-A684-301D123E0705} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1806E023-2CC0-451E-A684-301D123E0705}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{270276FE-9DBE-4889-B3BE-9559DCC39E04}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6932EE32-071D-4D9C-B327-90EB4D9CCB63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A43DF8D-3B91-4651-9080-69E58C66413D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D8B3481-A5F1-4DD0-B010-431E760816AD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C855F517-D751-4344-9FF1-1122F72C4491}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D242BEA5-0E7C-42BA-B87A-0BA98F8588C9}" => removed successfully
C:\Windows\AutoKMS\AutoKMS.exe => moved successfully
"C:\Program Files\IObit" => not found
"C:\Program Files (x86)\IObit" => not found
"C:\Program Files\Common Files\IObit" => not found
"C:\ProgramData\IObit" => not found
C:\ProgramData\ProductData => moved successfully
"C:\Users\Merm\AppData\Roaming\IObit" => not found
C:\Users\Merm\AppData\LocalLow\IObit => moved successfully

=========== "C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ==========

not found

========= End -> "C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Driver Booster*" ========


=========== "C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\Merm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*Advanced SystemCare*" ========

"C:\Users\Default\AppData\Roaming\IObit" => not found
"C:\Users\Default\AppData\LocalLow\IObit" => not found

=========== "C:\Users\Public\Desktop\*Driver Booster*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Driver Booster*" ========


=========== "C:\Users\Public\Desktop\*Advanced SystemCare*" ==========

not found

========= End -> "C:\Users\Public\Desktop\*Advanced SystemCare*" ========

C:\Windows\IObit => moved successfully
"C:\Windows\Tasks\ImCleanDisabled" => not found
"C:\ProgramData\{13CFD044-61E4-4EAC-AD61-02536D961216}" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78675010 B
Java, Flash, Steam htmlcache => 350680635 B
Windows/system/drivers => 167756220 B
Edge => 0 B
Chrome => 818662238 B
Firefox => 49178507 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
Merm => 1413582657 B

RecycleBin => 3796698736 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:10:38 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#9 Post by Conder »

:arrow: Do you recognise these files?
C:\Users\Merm\Desktop\2050 227.mws
C:\Users\Merm\Desktop\2050 227
C:\Users\Merm\Desktop\227 2050.mp

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    Folder: C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop); copy its contents here

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#10 Post by Windi »

Conder wrote: :arrow: Do you recognise these files?
C:\Users\Merm\Desktop\2050 227.mws
C:\Users\Merm\Desktop\2050 227
C:\Users\Merm\Desktop\227 2050.mp

Yes, those are files I created with MultiPing.

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Merm (15-08-2018 19:18:13) Run:2
Running from C:\Users\Merm\Desktop
Loaded Profiles: Merm (Available Profiles: Merm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Folder: C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
End
*****************


========================= Folder: C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4 ========================

2018-08-13 21:49 - 2018-08-13 21:49 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache
2018-08-13 21:49 - 2018-08-13 21:49 - 000008192 ____A [CF89D16BB9107C631DAABF0C0EE58EFB] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache\data_0
2018-08-13 21:49 - 2018-08-13 21:49 - 000270336 ____A [D0D388F3865D0523E451D6BA0BE34CC4] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache\data_1
2018-08-13 21:49 - 2018-08-13 21:49 - 000008192 ____A [0962291D6D367570BEE5454721C17E11] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache\data_2
2018-08-13 21:49 - 2018-08-13 21:49 - 000008192 ____A [41876349CB12D6DB992F1309F22DF3F0] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache\data_3
2018-08-13 21:49 - 2018-08-13 21:49 - 000262512 ____A [6B9D299557CD813E287061751FF5444B] () C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4\GPUCache\index

====== End of Folder: ======


==== End of Fixlog 19:18:13 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#11 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the restart there will be a Fixlog.txt file on the desktop; copy its contents here

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#12 Post by Windi »

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Merm (15-08-2018 22:20:39) Run:3
Running from C:\Users\Merm\Desktop
Loaded Profiles: Merm (Available Profiles: Merm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\Merm\AppData\Roaming\facebook-nativefier-1252c4 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18729443 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11156584 B
Edge => 0 B
Chrome => 388436629 B
Firefox => 44755701 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Merm => 13845754 B

RecycleBin => 0 B
EmptyTemp: => 462.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:20:56 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#13 Post by Conder »

:arrow: It looks OK now. Are there any remaining problems with the PC?

:arrow: I recommend installing all important updates through Windows Update.

Windi
Visitor
Posts: 64
Registered: 15 Dec 2011 20:56

Re: Mess on the PC

#14 Post by Windi »

It looks okay. :thumbsup:
Thank you very much for the help. Great work :guitar:

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Mess on the PC

#15 Post by Conder »

You're welcome, glad I could help :)