
Infected. Please check my log

Lubosh001
Visitor
Posts: 6
Registered: 09 Nov 2018 23:36

#1 Post by Lubosh001 »

Hi,

I would really appreciate a check of my log. I managed to infect my computer pretty badly.
E.g.: automatic redirects in web browsers. Inability to install most antivirus programs, Copy/Paste disabled in web browsers, etc.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08.11.2018
Ran by Lubomir (administrator) on LUBOMIR-PC (09-11-2018 23:39:06)
Running from E:\
Loaded Profiles: Lubomir & DefaultAppPool (Available Profiles: Lubomir & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.55 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Lubomir\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(© 2015 Microsoft Corporation) C:\Users\Lubomir\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompPkgSrv.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Sysinternals - www.sysinternals.com) E:\Tcpview.exe
(C. Ghisler & Co.) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [99872 2017-11-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [Viber] => C:\Users\Lubomir\AppData\Local\Viber\Viber.exe [36762184 2018-10-22] (Viber Media S.à r.l.)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [Dropbox Update] => C:\Users\Lubomir\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [BingSvc] => C:\Users\Lubomir\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [746376 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [Spotify] => C:\Users\Lubomir\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-23] (Spotify Ltd)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Policies\Explorer: []
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Voyasollam\DongPlus.dll => C:\ProgramData\Voyasollam\DongPlus.dll [342528 2018-11-09] ()
Startup: C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-11-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lubomir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22a6e55f-9392-4421-935c-e3d3f993f092}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{449b1cf4-f699-410e-8dd1-ab6df975a179}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{604f5457-fefe-4920-83ba-be3f608faa80}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{bb9f1de5-8f01-488a-aad9-7a6004b9182a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ef8a3065-58ab-40ec-b086-b1e501768d2c}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{ef8a3065-58ab-40ec-b086-b1e501768d2c}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{f364660c-3fa9-41b1-a089-921aa8563576}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130858014293927778&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420214614&from=ild&uid=KINGSTONXSV300S37A120G_50026B72370214E4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1420214614&from=ild&uid=KINGSTONXSV300S37A120G_50026B72370214E4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420214614&from=ild&uid=KINGSTONXSV300S37A120G_50026B72370214E4&q={searchTerms}
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgjhj9DuSeFq6QBqA1XDhIfYjlcBFJkz-S8p2gCxUBte2C_6RBGkxxkMecCNGZGZA2Pl3h-iAugX_DvR0sI9-Ha3jo,
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={D4E6BB97-CADF-4A5D-B761-A0952A434F40}&i=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10181_1360_171116__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {C9B32267-1775-4FC7-92C9-F6F42FD28C53} URL = hxxp://search.eshield.com/serp?guid={D4E6BB97-CADF-4A5D-B761-A0952A434F40}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-10-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)

Edge:
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF DefaultProfile: 1txgspni.default
FF ProfilePath: C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default [2018-11-09]
FF NewTab: Mozilla\Firefox\Profiles\1txgspni.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF Extension: (Refundo Toolbar) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\toolbar@refundo.cz.xpi [2018-01-02]
FF Extension: (Avast Online Security) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\wrc@avast.com.xpi [2018-09-17]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-10-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-08-16] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft OneDrive\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-08-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3332989908-1278005487-3233361258-1000: www.mydlink.com/Uplayer -> C:\Users\Lubomir\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvr4rwZvNTe-7xvE9JP9vJ5KERDYWKpSfJolcc3OViO3qY0L8Aq23ujgHcRWQ8QqUlt6GOKtOI7xnKi9YhcZgMQ8I,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default [2018-11-09]
CHR Extension: (Dokumenty) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-07]
CHR Extension: (Vyhledávání Google) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-07]
CHR Extension: (eShield) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2016-02-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-18]
CHR Extension: (Bing) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-08]
CHR Extension: (Tabulky) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (NewTab) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhlianhlhdicjchlbmbfaefhhjencbe [2017-12-30]
CHR Extension: (mydlink services plugin) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2016-11-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-01]
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lubomir\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-26]
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-09-15] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
S3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2213696 2018-09-06] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3084104 2018-09-06] (Electronic Arts)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-09-01] ()
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2018-10-04] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-09] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-09] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2016-03-09] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Realtek )
R0 Si3114r5; C:\WINDOWS\System32\drivers\Si3114r5.sys [327720 2008-04-29] (Silicon Image, Inc)
S3 Si3531; C:\WINDOWS\System32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\drivers\SiWinAcc.sys [22568 2008-04-29] (Silicon Image, Inc.)
R0 SiRemFil; C:\WINDOWS\System32\drivers\SiRemFil.sys [16936 2008-04-29] (Silicon Image, Inc.)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-09] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-09] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-09] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 23:38 - 2018-11-09 23:39 - 000000000 ____D C:\FRST
2018-11-09 23:10 - 2018-11-09 23:10 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-11-09 22:54 - 2018-11-09 22:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-09 22:54 - 2018-11-09 22:54 - 000002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-09 22:54 - 2018-11-09 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-09 22:54 - 2018-11-09 22:54 - 000000000 ____D C:\Program Files\CCleaner
2018-11-09 21:30 - 2018-11-09 22:20 - 115343360 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-11-09 21:23 - 2018-11-09 21:30 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-11-09 19:42 - 2018-11-09 19:42 - 000000270 __RSH C:\Users\Lubomir\ntuser.pol
2018-11-09 19:40 - 2018-11-09 19:40 - 000000000 ___HD C:\$AV_ASW
2018-11-09 19:39 - 2018-11-09 20:11 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-11-09 19:39 - 2018-11-09 20:09 - 000000000 ____D C:\ProgramData\Voyasollam
2018-11-09 19:39 - 2018-11-09 19:40 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\CRMSvc
2018-11-09 19:39 - 2018-11-09 19:40 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-11-09 19:39 - 2018-11-09 19:39 - 007800320 _____ C:\Users\Lubomir\AppData\Local\agent.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 002019900 _____ C:\Users\Lubomir\AppData\Local\Superla.tst
2018-11-09 19:39 - 2018-11-09 19:39 - 000722944 _____ C:\Users\Lubomir\AppData\Local\sham.db
2018-11-09 19:39 - 2018-11-09 19:39 - 000140800 _____ C:\Users\Lubomir\AppData\Local\installer.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000126464 _____ C:\Users\Lubomir\AppData\Local\noah.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000070896 _____ C:\Users\Lubomir\AppData\Local\Config.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000018432 _____ C:\Users\Lubomir\AppData\Local\Main.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000016416 _____ C:\Users\Lubomir\AppData\Local\InstallationConfiguration.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000005568 _____ C:\Users\Lubomir\AppData\Local\md.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000000000 ____D C:\ProgramData\Voyasollams
2018-11-09 19:39 - 2018-11-09 19:39 - 000000000 ____D C:\ProgramData\953862eb-65f7-0
2018-11-09 19:39 - 2018-11-09 19:39 - 000000000 ____D C:\ProgramData\953862eb-1447-1
2018-11-09 19:38 - 2018-11-09 20:01 - 000000000 ____D C:\Program Files\S2G9BEIMIR
2018-11-09 19:38 - 2018-11-09 19:48 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-11-09 19:38 - 2018-11-09 19:47 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\jldgp2nt5f5
2018-11-09 19:38 - 2018-11-09 19:44 - 000000000 ____D C:\Program Files (x86)\SHSK
2018-11-09 19:38 - 2018-11-09 19:42 - 000000404 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-11-09 19:38 - 2018-11-09 19:42 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-11-09 19:38 - 2018-11-09 19:42 - 000000372 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-11-09 19:38 - 2018-11-09 19:38 - 000003298 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-11-09 19:38 - 2018-11-09 19:38 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-11-09 19:37 - 2018-11-09 19:37 - 000000000 ____D C:\ProgramData\Blogger
2018-11-09 19:34 - 2018-11-09 19:35 - 000000000 ____D C:\ProgramData\red
2018-11-09 19:33 - 2018-11-09 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Local\William
2018-11-09 19:00 - 2018-11-09 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-11-09 19:00 - 2018-11-09 19:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-11-09 18:59 - 2018-11-09 18:59 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Microleaves
2018-11-09 18:59 - 2018-11-09 18:59 - 000000000 ____D C:\Users\Lubomir\AppData\Local\AdvinstAnalytics
2018-11-07 21:34 - 2018-11-07 21:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign53f4723f67ad5804
2018-11-07 21:23 - 2018-11-07 21:23 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign44b51582ecfe9b31
2018-11-07 20:34 - 2018-11-07 20:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsigna19744f587b9ce8f
2018-11-07 20:16 - 2018-11-07 20:16 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-07 20:13 - 2018-11-07 20:14 - 000000000 ____D C:\ProgramData\Wondershare
2018-11-07 20:13 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Wondershare
2018-11-07 20:12 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Lubomir\Documents\Wondershare Filmora
2018-11-07 20:11 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-10-28 15:13 - 2018-11-08 20:27 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Viber
2018-10-28 12:34 - 2018-11-09 19:49 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-10-28 12:33 - 2018-10-28 12:45 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Autodesk
2018-10-28 12:33 - 2018-10-28 12:42 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Autodesk
2018-10-28 12:33 - 2018-10-28 12:33 - 000000000 ____D C:\Users\Lubomir\Documents\Inventor Server SDK ACAD 2018
2018-10-28 12:32 - 2018-10-28 12:46 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2018-10-28 12:32 - 2018-10-28 12:46 - 000000000 ____D C:\Program Files\Autodesk
2018-10-28 12:31 - 2018-10-28 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-10-28 12:30 - 2018-10-28 12:52 - 000000000 ____D C:\ProgramData\Autodesk
2018-10-28 12:28 - 2018-10-28 12:28 - 000000000 ____D C:\Autodesk
2018-10-11 07:24 - 2018-10-11 07:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-10-10 06:59 - 2018-10-10 06:59 - 026805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 023440384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 022112072 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 020809216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 019024384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 012857856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 012151296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 011744256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 009951744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 009696768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-10 06:59 - 2018-10-10 06:59 - 007861248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 006543224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 006062592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 005584056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 005440016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 004588032 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-10-10 06:59 - 2018-10-10 06:59 - 003981312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 003662336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 003600896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 003556864 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 003380736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 003378176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 002927096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002832896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002721280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 002625552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 002488320 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 002469648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002435488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002323904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002186752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 002020560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001830912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001797128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001672072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001590288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001520208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001466992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 001360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 001255952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-10 06:59 - 2018-10-10 06:59 - 001050640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-10 06:59 - 2018-10-10 06:59 - 000918496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000863752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 000850960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000582248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-10 06:59 - 2018-10-10 06:59 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000402376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-10 06:59 - 2018-10-10 06:59 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-09 23:26 - 2016-11-15 22:34 - 000000000 ____D C:\Users\Lubomir\AppData\LocalLow\Mozilla
2018-11-09 23:25 - 2017-12-04 18:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Codecs
2018-11-09 23:25 - 2014-11-23 19:50 - 000006650 _____ C:\WINDOWS\WINCMD.INI
2018-11-09 23:24 - 2018-07-22 19:27 - 000000000 ____D C:\Users\Lubomir\AppData\Local\LogMeIn Hamachi
2018-11-09 23:19 - 2018-10-04 17:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-09 22:58 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-09 22:58 - 2017-12-10 09:45 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Packages
2018-11-09 22:56 - 2018-09-18 15:47 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\MPC-HC
2018-11-09 22:56 - 2015-05-24 10:20 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-09 22:56 - 2014-11-23 22:41 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\TeamViewer
2018-11-09 22:56 - 2014-11-23 22:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-09 22:56 - 2014-11-23 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\uTorrent
2018-11-09 22:55 - 2018-10-04 16:10 - 000000000 ___DC C:\WINDOWS\Panther
2018-11-09 22:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-09 22:55 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-09 22:55 - 2015-06-10 19:18 - 000000000 ____D C:\Users\Lubomir\AppData\Local\CrashDumps
2018-11-09 22:48 - 2018-10-04 17:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-09 22:27 - 2018-10-04 17:43 - 001921554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-09 22:27 - 2018-09-15 18:39 - 000781602 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-09 22:27 - 2018-09-15 18:39 - 000172220 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-09 22:23 - 2018-08-11 19:51 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Spotify
2018-11-09 22:23 - 2018-08-11 19:50 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Spotify
2018-11-09 22:21 - 2018-10-04 17:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-09 22:21 - 2016-08-16 11:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-09 22:21 - 2015-10-25 13:46 - 000000000 __SHD C:\Users\Lubomir\IntelGraphicsProfiles
2018-11-09 22:20 - 2018-09-15 07:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-11-09 22:13 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-09 22:13 - 2018-08-15 09:12 - 000000000 ____D C:\Users\Lubomir\Documents\Soubory aplikace Outlook
2018-11-09 21:31 - 2016-03-12 19:29 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-09 21:21 - 2017-12-29 10:25 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\vlc
2018-11-09 21:01 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-09 21:00 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-09 21:00 - 2018-07-22 19:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-09 20:51 - 2018-09-17 10:36 - 000000000 ____D C:\Users\Lubomir\AppData\Local\AVAST Software
2018-11-09 20:50 - 2018-09-15 07:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-09 20:50 - 2014-11-23 20:36 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-09 19:42 - 2018-10-04 17:35 - 000000000 ____D C:\Users\Lubomir
2018-11-09 19:42 - 2015-06-18 05:19 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000UA.job
2018-11-09 19:42 - 2015-06-18 05:19 - 000000874 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000Core.job
2018-11-09 19:39 - 2016-08-16 12:05 - 000003636 __RSH C:\ProgramData\ntuser.pol
2018-11-09 19:38 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-11-09 17:39 - 2018-10-04 17:41 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-09 17:39 - 2018-10-04 17:41 - 000003696 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000UA
2018-11-09 17:39 - 2018-10-04 17:41 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-09 17:39 - 2018-10-04 17:41 - 000003428 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000Core
2018-11-09 17:39 - 2018-10-04 17:41 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-09 17:39 - 2018-10-04 17:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-09 17:39 - 2018-10-04 17:41 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-09 17:39 - 2018-10-04 17:41 - 000003084 _____ C:\WINDOWS\System32\Tasks\{422CF431-AB16-0FAA-B9C8-36E08940984A}
2018-11-09 17:39 - 2018-10-04 17:41 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3332989908-1278005487-3233361258-1000
2018-11-09 17:39 - 2018-10-04 17:41 - 000002768 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Lubomir-PC-Lubomir
2018-11-09 17:39 - 2018-10-04 17:41 - 000002722 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-Lubomir-PC-Lubomir
2018-11-09 17:39 - 2018-10-04 17:41 - 000002306 _____ C:\WINDOWS\System32\Tasks\{441454EE-061A-4E56-A6ED-78A0B503EC7E}
2018-11-09 17:39 - 2018-10-04 17:41 - 000002226 _____ C:\WINDOWS\System32\Tasks\{A35F0F3D-A239-4200-8E13-2E018388A19B}
2018-11-09 08:05 - 2014-11-26 09:15 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Adobe
2018-11-09 08:02 - 2018-10-04 17:30 - 005390384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-09 08:01 - 2016-11-15 21:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-09 08:01 - 2016-03-12 19:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-08 22:02 - 2017-01-04 22:25 - 000000000 ____D C:\Users\Lubomir\Documents\ViberDownloads
2018-11-08 20:27 - 2015-02-16 20:54 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\ViberPC
2018-11-08 19:39 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-08 19:38 - 2018-09-15 08:39 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2018-11-07 20:16 - 2014-11-23 19:52 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Dropbox
2018-11-06 20:52 - 2015-12-08 22:07 - 000077666 ____H C:\Users\Lubomir\AppData\Local\IconCache.db.backup
2018-11-04 08:26 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-03 15:39 - 2016-03-12 19:28 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-28 21:11 - 2014-11-23 20:47 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Ubisoft Game Launcher
2018-10-28 16:51 - 2016-04-18 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-28 16:51 - 2014-11-23 19:59 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-28 16:50 - 2014-11-23 19:59 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-28 12:55 - 2017-12-09 22:25 - 000017920 _____ C:\Users\Lubomir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-26 18:59 - 2017-12-29 10:39 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\dvdcss
2018-10-26 14:16 - 2018-10-04 17:35 - 000002437 _____ C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-26 14:16 - 2015-10-25 13:48 - 000000000 ___RD C:\Users\Lubomir\OneDrive
2018-10-26 07:44 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-10-26 07:43 - 2016-11-19 12:49 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-17 17:50 - 2014-12-11 10:32 - 000000000 ____D C:\Users\Lubomir\AppData\Local\ElevatedDiagnostics
2018-10-16 06:10 - 2018-07-22 19:49 - 000000000 ____D C:\ProgramData\Packages
2018-10-12 16:40 - 2017-12-10 09:51 - 000000000 ___RD C:\Users\Lubomir\3D Objects
2018-10-12 16:40 - 2015-09-10 06:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-12 16:39 - 2018-09-15 18:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-10-12 16:39 - 2018-09-15 18:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-10-12 16:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-10-12 16:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-10 20:46 - 2018-09-15 07:09 - 000000000 ____D C:\WINDOWS\servicing
2018-10-10 06:58 - 2018-09-15 08:36 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-10 06:58 - 2018-09-15 08:36 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-10 06:58 - 2014-11-24 07:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-10 06:56 - 2014-11-24 07:44 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2018-03-03 10:31 - 2018-09-18 18:48 - 000000034 _____ () C:\Users\Lubomir\AppData\Roaming\AdobeWLCMCache.dat
2015-08-12 14:45 - 2015-08-12 14:45 - 000000024 _____ () C:\Users\Lubomir\AppData\Roaming\appdataFr25.bin
2018-11-09 19:39 - 2018-11-09 19:39 - 007800320 _____ () C:\Users\Lubomir\AppData\Local\agent.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000070896 _____ () C:\Users\Lubomir\AppData\Local\Config.xml
2017-12-09 22:25 - 2018-10-28 12:55 - 000017920 _____ () C:\Users\Lubomir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-11-09 19:39 - 2018-11-09 19:39 - 000016416 _____ () C:\Users\Lubomir\AppData\Local\InstallationConfiguration.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000140800 _____ () C:\Users\Lubomir\AppData\Local\installer.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000018432 _____ () C:\Users\Lubomir\AppData\Local\Main.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000005568 _____ () C:\Users\Lubomir\AppData\Local\md.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000126464 _____ () C:\Users\Lubomir\AppData\Local\noah.dat
2018-09-28 08:16 - 2018-09-28 08:16 - 000000000 _____ () C:\Users\Lubomir\AppData\Local\oobelibMkey.log
2015-11-08 19:08 - 2016-07-26 20:53 - 000007597 _____ () C:\Users\Lubomir\AppData\Local\Resmon.ResmonCfg
2018-11-09 19:39 - 2018-11-09 19:39 - 000722944 _____ () C:\Users\Lubomir\AppData\Local\sham.db
2018-11-09 19:39 - 2018-11-09 19:39 - 002019900 _____ () C:\Users\Lubomir\AppData\Local\Superla.tst
2015-06-10 18:37 - 2015-06-10 18:38 - 000108288 _____ () C:\Users\Lubomir\AppData\Local\TempSpCoder.vbs
2018-11-09 19:39 - 2018-11-09 19:39 - 000032038 _____ () C:\Users\Lubomir\AppData\Local\uninstall_temp.ico
2015-05-29 19:40 - 2015-06-28 14:45 - 000006840 _____ () C:\Users\Lubomir\AppData\Local\ViberUpdater.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check the log

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (show the log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Lubosh001
Visitor
Posts: 6
Registered: 09 Nov 2018 23:36

Re: Infected. Please check the log

#3 Post by Lubosh001 »

Thanks a lot

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-10-2018
# Duration: 00:00:47
# OS: Windows 10 Pro
# Cleaned: 151
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\Lubomir\AppData\Roaming\CRMSvc
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Users\Lubomir\AppData\Roaming\Microleaves
Deleted C:\ProgramData\Voyasollams
Deleted C:\ProgramData\953862EB-65F7-0
Deleted C:\ProgramData\953862EB-1447-1
Deleted C:\Program Files (x86)\Hiru
Deleted C:\Program Files (x86)\myfree codec
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\ProgramData\PrefsSecure
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

Deleted C:\Users\Lubomir\appdata\local\installationconfiguration.xml
Deleted C:\Users\Lubomir\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\System32\drivers\EsgScanner.sys
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\Users\Lubomir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Deleted C:\Users\Lubomir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\{441454EE-061A-4E56-A6ED-78A0B503EC7E}
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE
Deleted HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VOYASOLLAM.EXE
Deleted HKCU\Software\mtVoyasollam
Deleted HKLM\Software\Wow6432Node\mtVoyasollam
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3a29b21c}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{441454EE-061A-4E56-A6ED-78A0B503EC7E}
Deleted HKCU\Software\1ClickDownload
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted HKLM\Software\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted HKLM\Software\Wow6432Node\5da059a482fd494db3f252126fbc3d5b
Deleted HKLM\Software\5da059a482fd494db3f252126fbc3d5b
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted HKLM\Software\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Deleted HKCU\Software\distromatic
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{00011268-E188-40DF-A514-835FCD78B1BF}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted HKLM\Software\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted HKLM\Software\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted HKLM\Software\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted HKLM\Software\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted HKLM\Software\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Deleted HKLM\Software\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted HKLM\Software\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Deleted HKLM\Software\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Deleted HKLM\Software\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Deleted HKLM\Software\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted HKLM\Software\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted HKLM\Software\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted HKLM\Software\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted HKLM\Software\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted HKLM\Software\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Deleted HKLM\Software\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Deleted HKLM\Software\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted HKLM\Software\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Deleted HKLM\Software\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Deleted HKLM\Software\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Deleted HKLM\Software\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted HKLM\Software\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted HKLM\Software\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef8a3065-58ab-40ec-b086-b1e501768d2c}|NameServer - "95.211.158.134"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{604f5457-fefe-4920-83ba-be3f608faa80}|NameServer - "95.211.158.134"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef8a3065-58ab-40ec-b086-b1e501768d2c}|NameServer - "82.163.142.7"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef8a3065-58ab-40ec-b086-b1e501768d2c}|DhcpNameServer - "82.163.142.7"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{604f5457-fefe-4920-83ba-be3f608faa80}|NameServer - "82.163.142.7"
Deleted HKCU\Software\Classes\TornTvDownloader.File
Deleted HKLM\Software\Classes\TornTvDownloader.File
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\IePluginServices
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C9B32267-1775-4FC7-92C9-F6F42FD28C53}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Environment|SNP
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93C4A23D-E0CA-45AB-8BB4-FB2D49EDB589}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93C4A23D-E0CA-45AB-8BB4-FB2D49EDB589}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKCU\Environment|SNF
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\TNT2
Deleted HKCU\Software\TNT2
Deleted HKU\S-1-5-18\Software\TornTv Downloader
Deleted HKU\.DEFAULT\Software\TornTv Downloader
Deleted HKLM\Software\TornTv Downloader
Deleted HKLM\Software\Wow6432Node\supWindowsMangerProtect
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\SupHpUISoft

***** [ Chromium (and derivatives) ] *****

Deleted eShield
Deleted NewTab
Deleted MSN Homepage & Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [16512 octets] - [10/11/2018 07:29:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check my log

#4 Post by Conder »

Please post new logs from FRST.

Lubosh001
Visitor
Posts: 6
Registered: 09 Nov 2018 23:36

Re: Infected. Please check my log

#5 Post by Lubosh001 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Lubomir (administrator) on LUBOMIR-PC (11-11-2018 18:12:59)
Running from E:\
Loaded Profiles: Lubomir (Available Profiles: Lubomir & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.55 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Lubomir\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Lubomir\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Lubomir\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Avira) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(C. Ghisler & Co.) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [700328 2017-01-06] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-10-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [323632 2018-11-06] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [] => [X]
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Policies\Explorer: []
Startup: C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-11-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lubomir\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22a6e55f-9392-4421-935c-e3d3f993f092}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{449b1cf4-f699-410e-8dd1-ab6df975a179}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bb9f1de5-8f01-488a-aad9-7a6004b9182a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f364660c-3fa9-41b1-a089-921aa8563576}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2017-03-16] (Crawler Group, LLC)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-10-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2017-03-16] (Crawler Group, LLC)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF DefaultProfile: 1txgspni.default
FF ProfilePath: C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default [2018-11-11]
FF NewTab: Mozilla\Firefox\Profiles\1txgspni.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF Extension: (Refundo Toolbar) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\toolbar@refundo.cz.xpi [2018-01-02]
FF Extension: (Avast Online Security) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\wrc@avast.com.xpi [2018-11-10]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Lubomir\AppData\Roaming\Mozilla\Firefox\Profiles\1txgspni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-10-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-10-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-08-16] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft OneDrive\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-08-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3332989908-1278005487-3233361258-1000: www.mydlink.com/Uplayer -> C:\Users\Lubomir\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default [2018-11-10]
CHR Extension: (Dokumenty) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-07]
CHR Extension: (Avira Password Manager) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-11-10]
CHR Extension: (Vyhledávání Google) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-18]
CHR Extension: (Bing) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-11-10]
CHR Extension: (Tabulky) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (NewTab) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhlianhlhdicjchlbmbfaefhhjencbe [2018-11-10]
CHR Extension: (mydlink services plugin) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2016-11-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\Lubomir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-01]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lubomir\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-11-26]
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1290744 2017-01-06] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [891472 2018-10-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [248312 2018-10-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [248312 2018-10-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1162120 2018-10-19] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [433224 2018-10-26] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2974400 2018-11-06] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [343424 2018-11-08] (Avira Operations GmbH & Co. KG)
R2 BrokerInfrastructure; C:\WINDOWS\System32\psmsrv.dll [241664 2018-09-15] (Microsoft Corporation)
S3 cbdhsvc; C:\WINDOWS\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\WINDOWS\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
S3 DisplayEnhancementService; C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2213696 2018-09-06] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3084104 2018-09-06] (Electronic Arts)
S3 perceptionsimulation; C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-09-01] ()
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5381624 2018-09-15] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2018-10-04] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3292416 2017-03-16] (Crawler Group, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-09] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-09] (Microsoft Corporation)
S3 WManSvc; C:\WINDOWS\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [69656 2018-10-19] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-10-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-10-19] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-10-19] (Avira Operations GmbH & Co. KG)
R1 BasicDisplay; C:\WINDOWS\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-05-22] (LogMeIn Inc.)
S3 hidspi; C:\WINDOWS\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
S3 MbbCx; C:\WINDOWS\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 PktMon; C:\WINDOWS\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Realtek )
R0 Si3114r5; C:\WINDOWS\System32\drivers\Si3114r5.sys [327720 2008-04-29] (Silicon Image, Inc)
S3 Si3531; C:\WINDOWS\System32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\drivers\SiWinAcc.sys [22568 2008-04-29] (Silicon Image, Inc.)
R0 SiRemFil; C:\WINDOWS\System32\drivers\SiRemFil.sys [16936 2008-04-29] (Silicon Image, Inc.)
S0 SmartSAMD; C:\WINDOWS\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
R2 sp_rsdrv2; C:\WINDOWS\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 UcmUcsiAcpiClient; C:\WINDOWS\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\WINDOWS\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-09] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-09] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-09] (Microsoft Corporation)
R3 WinQuic; C:\WINDOWS\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-10 17:49 - 2018-11-10 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-11-10 17:48 - 2018-11-10 17:48 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-11-10 17:48 - 2018-11-10 17:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-11-10 07:28 - 2018-11-10 07:30 - 000000000 ____D C:\AdwCleaner
2018-11-10 07:24 - 2018-11-11 18:11 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-11-10 07:24 - 2018-11-10 07:24 - 000003780 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2018-11-09 23:59 - 2018-11-10 09:33 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Avira
2018-11-09 23:59 - 2018-11-10 07:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2018-11-09 23:59 - 2018-11-09 23:59 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-11-09 23:59 - 2018-11-09 23:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-11-09 23:59 - 2018-10-19 18:48 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-11-09 23:59 - 2018-10-19 18:48 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-11-09 23:59 - 2018-10-19 18:48 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2018-11-09 23:59 - 2018-10-19 18:48 - 000069656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-11-09 23:59 - 2018-10-19 18:48 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-11-09 23:59 - 2018-10-19 18:48 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-11-09 23:58 - 2018-11-09 23:58 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2018-11-09 23:53 - 2018-11-10 00:50 - 000000000 ____D C:\ProgramData\Spyware Terminator
2018-11-09 23:53 - 2018-11-09 23:53 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Spyware Terminator
2018-11-09 23:53 - 2018-11-09 23:53 - 000000000 ____D C:\Users\Lubomir\AppData\LocalLow\Spyware Terminator
2018-11-09 23:53 - 2018-11-09 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2018-11-09 23:53 - 2018-11-09 23:53 - 000000000 ____D C:\Program Files (x86)\Spyware Terminator
2018-11-09 23:50 - 2018-11-10 07:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-11-09 23:50 - 2018-11-10 07:24 - 000000000 ____D C:\ProgramData\Avira
2018-11-09 23:50 - 2018-11-10 07:24 - 000000000 ____D C:\Program Files (x86)\Avira
2018-11-09 23:38 - 2018-11-11 18:12 - 000000000 ____D C:\FRST
2018-11-09 23:10 - 2018-11-09 23:10 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-11-09 22:54 - 2018-11-10 10:55 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-09 22:54 - 2018-11-09 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-09 22:54 - 2018-11-09 22:54 - 000000000 ____D C:\Program Files\CCleaner
2018-11-09 21:30 - 2018-11-10 09:57 - 115867648 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-11-09 21:23 - 2018-11-09 21:30 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-11-09 19:42 - 2018-11-09 19:42 - 000000270 __RSH C:\Users\Lubomir\ntuser.pol
2018-11-09 19:40 - 2018-11-09 19:40 - 000000000 ___HD C:\$AV_ASW
2018-11-09 19:39 - 2018-11-09 19:39 - 007800320 _____ C:\Users\Lubomir\AppData\Local\agent.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 002019900 _____ C:\Users\Lubomir\AppData\Local\Superla.tst
2018-11-09 19:39 - 2018-11-09 19:39 - 000722944 _____ C:\Users\Lubomir\AppData\Local\sham.db
2018-11-09 19:39 - 2018-11-09 19:39 - 000140800 _____ C:\Users\Lubomir\AppData\Local\installer.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000126464 _____ C:\Users\Lubomir\AppData\Local\noah.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000070896 _____ C:\Users\Lubomir\AppData\Local\Config.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000005568 _____ C:\Users\Lubomir\AppData\Local\md.xml
2018-11-09 19:38 - 2018-11-09 20:01 - 000000000 ____D C:\Program Files\S2G9BEIMIR
2018-11-09 19:38 - 2018-11-09 19:48 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-11-09 19:38 - 2018-11-09 19:47 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\jldgp2nt5f5
2018-11-09 19:38 - 2018-11-09 19:44 - 000000000 ____D C:\Program Files (x86)\SHSK
2018-11-09 19:37 - 2018-11-09 19:37 - 000000000 ____D C:\ProgramData\Blogger
2018-11-09 19:34 - 2018-11-10 07:18 - 000000000 ____D C:\ProgramData\red
2018-11-09 19:33 - 2018-11-09 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Local\William
2018-11-09 18:59 - 2018-11-09 18:59 - 000000000 ____D C:\Users\Lubomir\AppData\Local\AdvinstAnalytics
2018-11-07 21:34 - 2018-11-07 21:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign53f4723f67ad5804
2018-11-07 21:23 - 2018-11-07 21:23 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign44b51582ecfe9b31
2018-11-07 20:34 - 2018-11-07 20:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsigna19744f587b9ce8f
2018-11-07 20:16 - 2018-11-07 20:16 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-07 20:13 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Wondershare
2018-11-07 20:12 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Lubomir\Documents\Wondershare Filmora
2018-11-07 20:11 - 2018-11-07 20:13 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-10-28 15:13 - 2018-11-08 20:27 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Viber
2018-10-28 12:34 - 2018-11-09 19:49 - 000000000 ____D C:\Program Files (x86)\Autodesk
2018-10-28 12:33 - 2018-10-28 12:45 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Autodesk
2018-10-28 12:33 - 2018-10-28 12:42 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Autodesk
2018-10-28 12:33 - 2018-10-28 12:33 - 000000000 ____D C:\Users\Lubomir\Documents\Inventor Server SDK ACAD 2018
2018-10-28 12:32 - 2018-10-28 12:46 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2018-10-28 12:32 - 2018-10-28 12:46 - 000000000 ____D C:\Program Files\Autodesk
2018-10-28 12:31 - 2018-10-28 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2018-10-28 12:30 - 2018-10-28 12:52 - 000000000 ____D C:\ProgramData\Autodesk
2018-10-28 12:28 - 2018-10-28 12:28 - 000000000 ____D C:\Autodesk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 18:12 - 2018-10-04 17:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-11 18:12 - 2018-08-15 09:12 - 000000000 ____D C:\Users\Lubomir\Documents\Soubory aplikace Outlook
2018-11-11 18:12 - 2016-11-15 22:34 - 000000000 ____D C:\Users\Lubomir\AppData\LocalLow\Mozilla
2018-11-11 18:12 - 2014-11-23 19:50 - 000006421 _____ C:\WINDOWS\WINCMD.INI
2018-11-11 18:05 - 2018-10-04 17:41 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3332989908-1278005487-3233361258-1000
2018-11-11 18:05 - 2018-10-04 17:35 - 000002437 _____ C:\Users\Lubomir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-11 18:05 - 2015-10-25 13:48 - 000000000 ___RD C:\Users\Lubomir\OneDrive
2018-11-11 18:02 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-11 18:02 - 2014-11-26 09:15 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Adobe
2018-11-11 17:57 - 2018-10-04 17:43 - 001921554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-11 17:57 - 2018-09-15 18:39 - 000781602 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-11 17:57 - 2018-09-15 18:39 - 000172220 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-11 17:57 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-11 17:53 - 2018-10-04 17:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-11 17:53 - 2016-08-16 11:57 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-11 17:53 - 2015-10-25 13:46 - 000000000 __SHD C:\Users\Lubomir\IntelGraphicsProfiles
2018-11-10 23:05 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-10 09:57 - 2018-09-15 07:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-11-10 07:32 - 2018-10-04 17:30 - 005398896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-10 07:30 - 2017-11-16 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-11-10 07:29 - 2015-06-10 19:18 - 000000000 ____D C:\Users\Lubomir\AppData\Local\CrashDumps
2018-11-10 07:23 - 2017-12-04 18:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Codecs
2018-11-10 00:19 - 2014-11-23 20:13 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\uTorrent
2018-11-09 23:50 - 2016-05-24 18:27 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-09 23:24 - 2018-07-22 19:27 - 000000000 ____D C:\Users\Lubomir\AppData\Local\LogMeIn Hamachi
2018-11-09 23:19 - 2018-10-04 17:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-09 22:58 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-09 22:58 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-09 22:58 - 2017-12-10 09:45 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Packages
2018-11-09 22:56 - 2018-09-18 15:47 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\MPC-HC
2018-11-09 22:56 - 2015-05-24 10:20 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-09 22:56 - 2014-11-23 22:41 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\TeamViewer
2018-11-09 22:56 - 2014-11-23 22:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-09 22:55 - 2018-10-04 16:10 - 000000000 ___DC C:\WINDOWS\Panther
2018-11-09 22:55 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-09 22:23 - 2018-08-11 19:51 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Spotify
2018-11-09 22:23 - 2018-08-11 19:50 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Spotify
2018-11-09 22:13 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-09 21:31 - 2016-03-12 19:29 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-09 21:21 - 2017-12-29 10:25 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\vlc
2018-11-09 21:01 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-09 21:00 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-09 21:00 - 2018-07-22 19:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-09 20:51 - 2018-09-17 10:36 - 000000000 ____D C:\Users\Lubomir\AppData\Local\AVAST Software
2018-11-09 20:50 - 2018-09-15 07:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-09 20:50 - 2014-11-23 20:36 - 000559880 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-09 19:42 - 2018-10-04 17:35 - 000000000 ____D C:\Users\Lubomir
2018-11-09 19:42 - 2015-06-18 05:19 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000UA.job
2018-11-09 19:42 - 2015-06-18 05:19 - 000000874 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000Core.job
2018-11-09 19:39 - 2016-08-16 12:05 - 000003636 __RSH C:\ProgramData\ntuser.pol
2018-11-09 19:38 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-11-09 17:39 - 2018-10-04 17:41 - 000003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-09 17:39 - 2018-10-04 17:41 - 000003696 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000UA
2018-11-09 17:39 - 2018-10-04 17:41 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-09 17:39 - 2018-10-04 17:41 - 000003428 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3332989908-1278005487-3233361258-1000Core
2018-11-09 17:39 - 2018-10-04 17:41 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-09 17:39 - 2018-10-04 17:41 - 000003362 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-09 17:39 - 2018-10-04 17:41 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-09 17:39 - 2018-10-04 17:41 - 000003084 _____ C:\WINDOWS\System32\Tasks\{422CF431-AB16-0FAA-B9C8-36E08940984A}
2018-11-09 17:39 - 2018-10-04 17:41 - 000002768 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Lubomir-PC-Lubomir
2018-11-09 17:39 - 2018-10-04 17:41 - 000002722 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-Lubomir-PC-Lubomir
2018-11-09 17:39 - 2018-10-04 17:41 - 000002226 _____ C:\WINDOWS\System32\Tasks\{A35F0F3D-A239-4200-8E13-2E018388A19B}
2018-11-09 08:01 - 2016-11-15 21:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-09 08:01 - 2016-03-12 19:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-08 22:02 - 2017-01-04 22:25 - 000000000 ____D C:\Users\Lubomir\Documents\ViberDownloads
2018-11-08 20:27 - 2015-02-16 20:54 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\ViberPC
2018-11-08 19:39 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-08 19:38 - 2018-09-15 08:39 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2018-11-07 20:16 - 2014-11-23 19:52 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\Dropbox
2018-11-06 20:52 - 2015-12-08 22:07 - 000077666 ____H C:\Users\Lubomir\AppData\Local\IconCache.db.backup
2018-11-03 15:39 - 2016-03-12 19:28 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-28 21:11 - 2014-11-23 20:47 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Ubisoft Game Launcher
2018-10-28 16:51 - 2016-04-18 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-28 16:51 - 2014-11-23 19:59 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-28 16:50 - 2014-11-23 19:59 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-28 12:55 - 2017-12-09 22:25 - 000017920 _____ C:\Users\Lubomir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-26 18:59 - 2017-12-29 10:39 - 000000000 ____D C:\Users\Lubomir\AppData\Roaming\dvdcss
2018-10-26 07:44 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-10-26 07:43 - 2016-11-19 12:49 - 000000000 ____D C:\Program Files\Microsoft Office
2018-10-17 17:50 - 2014-12-11 10:32 - 000000000 ____D C:\Users\Lubomir\AppData\Local\ElevatedDiagnostics
2018-10-16 06:10 - 2018-07-22 19:49 - 000000000 ____D C:\ProgramData\Packages
2018-10-12 16:40 - 2017-12-10 09:51 - 000000000 ___RD C:\Users\Lubomir\3D Objects
2018-10-12 16:40 - 2015-09-10 06:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-12 16:39 - 2018-09-15 18:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-10-12 16:39 - 2018-09-15 18:40 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-10-12 16:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-10-12 16:39 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories =======

2018-03-03 10:31 - 2018-09-18 18:48 - 000000034 _____ () C:\Users\Lubomir\AppData\Roaming\AdobeWLCMCache.dat
2015-08-12 14:45 - 2015-08-12 14:45 - 000000024 _____ () C:\Users\Lubomir\AppData\Roaming\appdataFr25.bin
2018-11-09 19:39 - 2018-11-09 19:39 - 007800320 _____ () C:\Users\Lubomir\AppData\Local\agent.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000070896 _____ () C:\Users\Lubomir\AppData\Local\Config.xml
2017-12-09 22:25 - 2018-10-28 12:55 - 000017920 _____ () C:\Users\Lubomir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-11-09 19:39 - 2018-11-09 19:39 - 000140800 _____ () C:\Users\Lubomir\AppData\Local\installer.dat
2018-11-09 19:39 - 2018-11-09 19:39 - 000005568 _____ () C:\Users\Lubomir\AppData\Local\md.xml
2018-11-09 19:39 - 2018-11-09 19:39 - 000126464 _____ () C:\Users\Lubomir\AppData\Local\noah.dat
2018-09-28 08:16 - 2018-09-28 08:16 - 000000000 _____ () C:\Users\Lubomir\AppData\Local\oobelibMkey.log
2015-11-08 19:08 - 2016-07-26 20:53 - 000007597 _____ () C:\Users\Lubomir\AppData\Local\Resmon.ResmonCfg
2018-11-09 19:39 - 2018-11-09 19:39 - 000722944 _____ () C:\Users\Lubomir\AppData\Local\sham.db
2018-11-09 19:39 - 2018-11-09 19:39 - 002019900 _____ () C:\Users\Lubomir\AppData\Local\Superla.tst
2018-11-09 19:39 - 2018-11-09 19:39 - 000032038 _____ () C:\Users\Lubomir\AppData\Local\uninstall_temp.ico
2015-05-29 19:40 - 2015-06-28 14:45 - 000006840 _____ () C:\Users\Lubomir\AppData\Local\ViberUpdater.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attachments
Addition.zip
(32.66 KiB) Downloaded 68 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check my log

#6 Post by Conder »

→ Turn on System Restore
  • Press Win+R, type "sysdm.cpl" (without the quotes) and press Enter
  • Click the System Protection tab and then Configure
  • Select Turn on system protection and click OK
→ Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
    File: C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    File: C:\PROGRA~3\3a29b21c\74398c44.dll
    File: C:\Windows\System32\ndptsp.tsp
    Folder: C:\ProgramData\Voyasollams
    Folder: C:\PROGRA~3\3a29b21c
    
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Policies\Explorer: [] 
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
    FF NewTab: Mozilla\Firefox\Profiles\1txgspni.default -> file:///C:/ProgramData/Voyasollams/ff.NT
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft OneDrive\Office14\NPAUTHZ.DLL [No File]
    CHR HomePage: Default -> msn.com
    CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    U3 idsvc; no ImagePath
    
    CustomCLSID: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F5D849D21103}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {09E39A63-C7DD-4CF7-93DB-E8140441C668} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {0E5735A1-787A-4E29-8F86-83B8A70DF3B6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {14AF7C48-0215-4AE4-87A0-E5265785676D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {237C0530-E2A4-483F-AAC5-FB2B6B8EAEC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {2668A604-7152-462E-8DCA-EE44EC9C4447} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {305B63AE-00B7-4811-9B83-373F348D8F3C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {603A8C21-F602-4BD3-BF57-DBD576CB3041} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {62DB96F2-6DEE-428F-9CD7-EDB8C06335F0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {66A67269-F044-41D7-A74F-77E1B2CEBB27} - \{441454EE-061A-4E56-A6ED-78A0B503EC7E} -> No File <==== ATTENTION
    Task: {67BE0CF8-4956-4B29-AB78-D33A9078344F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {8076338D-4A26-4E2E-BB2C-BE63BED32601} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B664BF22-495B-4422-B0E0-38DEA3F95482} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {CB543D99-9983-464A-B819-560C38F9EB62} - System32\Tasks\{422CF431-AB16-0FAA-B9C8-36E08940984A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\3a29b21c\74398c44.dll" <==== ATTENTION
    Task: {D676D0D4-9536-462B-ABD0-4A6A4276E513} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D790479B-1881-4459-9B8D-A71D55D36737} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {E507F484-039F-4E44-80F0-6FB7DE3A329A} - \CCleanerSkipUAC -> No File <==== ATTENTION
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    
    C:\ProgramData\Voyasollams
    C:\PROGRA~3\3a29b21c
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Lubosh001
Visitor
Posts: 6
Joined: 09 Nov 2018 23:36

Re: Infected. Please check my log

#7 Post by Lubosh001 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Lubomir (12-11-2018 20:04:12) Run:1
Running from E:\
Loaded Profiles: Lubomir (Available Profiles: Lubomir & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File: C:\Program Files\Intel\iCLS Client\HeciServer.exe
File: C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
File: C:\PROGRA~3\3a29b21c\74398c44.dll
File: C:\Windows\System32\ndptsp.tsp
Folder: C:\ProgramData\Voyasollams
Folder: C:\PROGRA~3\3a29b21c

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Run: [] => [X]
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\...\Policies\Explorer: []
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkTHV_qFAQNhC1di8g13ev7hibvEWFfpQoRl5wfz-bm_wdfT5dGY0aXVr52D9A7Xt8VfrYkpvO6eqLgvuAQ9Cy_11C0TAiyFutoCU6ZUkVFwMmvPBGbgeUrvl3VGiYcerJjckJau6L5Kj2aupIQe_Q4TMIUYq1eppzVrTbw,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF NewTab: Mozilla\Firefox\Profiles\1txgspni.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [No File]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft OneDrive\Office14\NPAUTHZ.DLL [No File]
CHR HomePage: Default -> msn.com
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
U3 idsvc; no ImagePath

CustomCLSID: HKU\S-1-5-21-3332989908-1278005487-3233361258-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F5D849D21103}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {09E39A63-C7DD-4CF7-93DB-E8140441C668} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0E5735A1-787A-4E29-8F86-83B8A70DF3B6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {14AF7C48-0215-4AE4-87A0-E5265785676D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {237C0530-E2A4-483F-AAC5-FB2B6B8EAEC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2668A604-7152-462E-8DCA-EE44EC9C4447} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {305B63AE-00B7-4811-9B83-373F348D8F3C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {603A8C21-F602-4BD3-BF57-DBD576CB3041} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {62DB96F2-6DEE-428F-9CD7-EDB8C06335F0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66A67269-F044-41D7-A74F-77E1B2CEBB27} - \{441454EE-061A-4E56-A6ED-78A0B503EC7E} -> No File <==== ATTENTION
Task: {67BE0CF8-4956-4B29-AB78-D33A9078344F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8076338D-4A26-4E2E-BB2C-BE63BED32601} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B664BF22-495B-4422-B0E0-38DEA3F95482} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CB543D99-9983-464A-B819-560C38F9EB62} - System32\Tasks\{422CF431-AB16-0FAA-B9C8-36E08940984A} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\3a29b21c\74398c44.dll" <==== ATTENTION
Task: {D676D0D4-9536-462B-ABD0-4A6A4276E513} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D790479B-1881-4459-9B8D-A71D55D36737} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E507F484-039F-4E44-80F0-6FB7DE3A329A} - \CCleanerSkipUAC -> No File <==== ATTENTION
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

C:\ProgramData\Voyasollams
C:\PROGRA~3\3a29b21c

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 7
Average :
Sum : 7022
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ========================

C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File not signed
MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Creation and modification date: 2005-04-04 00:41 - 2005-04-04 00:41
Size: 000069632
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: IDriverT
Original Name: IDriverT.exe
Product: InstallShield (R)
Description: IDriverT Module
File Version: 11.00.28844
Product Version: 11.00
Copyright: Copyright (C) 2005 Macrovision Corporation
VirusTotal: https://www.virustotal.com/file/c227850 ... 541900842/

====== End of File: ======


========================= File: C:\Program Files\Intel\iCLS Client\HeciServer.exe ========================

C:\Program Files\Intel\iCLS Client\HeciServer.exe
File not signed
MD5: DDA8E5AD97231AB50B81FED04C28F64C
Creation and modification date: 2013-02-13 12:46 - 2013-02-13 12:46
Size: 000731648
Attributes: ----A
Company Name: Intel(R) Corporation
Internal Name: HeciServer
Original Name: HeciServer.exe
Product: Intel(R) Capability Licensing Service Interface
Description: Intel(R) Capability Licensing Service Interface
File Version: 1.27.798.1 sys_sysscbld
Product Version: 1,27,798,1
Copyright: (C) Copyright Intel(R) Corporation
VirusTotal: https://www.virustotal.com/file/5c9e8f7 ... 540989760/

====== End of File: ======


========================= File: C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe ========================

C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
File not signed
MD5: EA569D48B2E755AF6D96F03F3335D98A
Creation and modification date: 2015-08-31 20:22 - 2010-04-16 15:10
Size: 000036864
Attributes: ----A
Company Name: Realtek
Internal Name: RtlService
Original Name: RtlService.EXE
Product: RtlService Application
Description: RtlService MFC Application
File Version: 700, 1006, 416, 2010
Product Version: 700, 1006, 416, 2010
Copyright: Copyright (C) 2010
VirusTotal: https://www.virustotal.com/file/eed2dcd ... 537184126/

====== End of File: ======


========================= File: C:\PROGRA~3\3a29b21c\74398c44.dll ========================

"C:\PROGRA~3\3a29b21c\74398c44.dll" => not found
====== End of File: ======


========================= File: C:\Windows\System32\ndptsp.tsp ========================

"C:\Windows\System32\ndptsp.tsp" => not found
====== End of File: ======


========================= Folder: C:\ProgramData\Voyasollams ========================

not found.

====== End of Folder: ======


========================= Folder: C:\PROGRA~3\3a29b21c ========================

not found.

====== End of Folder: ======

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => not found
"Firefox newtab" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0 => removed successfully
"Chrome HomePage" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\imhlianhlhdicjchlbmbfaefhhjencbe => removed successfully
HKLM\System\CurrentControlSet\Services\EsgScanner => removed successfully
EsgScanner => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKU\S-1-5-21-3332989908-1278005487-3233361258-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F5D849D21103} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09E39A63-C7DD-4CF7-93DB-E8140441C668}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E39A63-C7DD-4CF7-93DB-E8140441C668}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E5735A1-787A-4E29-8F86-83B8A70DF3B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E5735A1-787A-4E29-8F86-83B8A70DF3B6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14AF7C48-0215-4AE4-87A0-E5265785676D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14AF7C48-0215-4AE4-87A0-E5265785676D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{237C0530-E2A4-483F-AAC5-FB2B6B8EAEC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{237C0530-E2A4-483F-AAC5-FB2B6B8EAEC9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2668A604-7152-462E-8DCA-EE44EC9C4447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2668A604-7152-462E-8DCA-EE44EC9C4447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{305B63AE-00B7-4811-9B83-373F348D8F3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{305B63AE-00B7-4811-9B83-373F348D8F3C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{603A8C21-F602-4BD3-BF57-DBD576CB3041}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{603A8C21-F602-4BD3-BF57-DBD576CB3041}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62DB96F2-6DEE-428F-9CD7-EDB8C06335F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62DB96F2-6DEE-428F-9CD7-EDB8C06335F0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66A67269-F044-41D7-A74F-77E1B2CEBB27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A67269-F044-41D7-A74F-77E1B2CEBB27}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{441454EE-061A-4E56-A6ED-78A0B503EC7E}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67BE0CF8-4956-4B29-AB78-D33A9078344F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67BE0CF8-4956-4B29-AB78-D33A9078344F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8076338D-4A26-4E2E-BB2C-BE63BED32601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8076338D-4A26-4E2E-BB2C-BE63BED32601}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B664BF22-495B-4422-B0E0-38DEA3F95482}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B664BF22-495B-4422-B0E0-38DEA3F95482}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB543D99-9983-464A-B819-560C38F9EB62}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB543D99-9983-464A-B819-560C38F9EB62}" => removed successfully
C:\WINDOWS\System32\Tasks\{422CF431-AB16-0FAA-B9C8-36E08940984A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{422CF431-AB16-0FAA-B9C8-36E08940984A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D676D0D4-9536-462B-ABD0-4A6A4276E513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D676D0D4-9536-462B-ABD0-4A6A4276E513}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D790479B-1881-4459-9B8D-A71D55D36737}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D790479B-1881-4459-9B8D-A71D55D36737}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E507F484-039F-4E44-80F0-6FB7DE3A329A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E507F484-039F-4E44-80F0-6FB7DE3A329A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"C:\ProgramData\Voyasollams" => not found
"C:\PROGRA~3\3a29b21c" => not found
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42554194 B
Java, Flash, Steam htmlcache => 277040418 B
Windows/system/drivers => 10385846 B
Edge => 79438 B
Chrome => 46736304 B
Firefox => 777669724 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 39202 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5390 B
LocalService => 0 B
NetworkService => 970 B
NetworkService => 0 B
Lubomir => 147405822 B
DefaultAppPool => 39202 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-11-2018 20:08:32)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 20:08:33 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check my log

#8 Post by Conder »

→ How does the PC look now? Has anything changed, or are there still some problems?

→ Download ESET Online Scanner and save it to the desktop: Czech version | Slovak version
  • Accept the license terms
  • Select the option Enable detection of potentially unwanted applications
  • Open the advanced settings
  • Tick the first option, Enable detection of potentially unsafe applications
  • Click Scan or Start
  • Wait for it to finish; this scan can take several hours (depending on the size and speed of the disks)
  • If anything is found:
    • Click Save to text file
    • Enter a name, e.g. "eset", and save the log to the desktop
    • Copy the contents of that log here

Lubosh001
Visitor
Posts: 6
Registered: 09 Nov 2018 23:36

Re: Infected. Please check my log

#9 Post by Lubosh001 »

It's slowly starting to look like it will be clean. 5 detections, 3 of them probably from this infection.

C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe varianta infiltrace Win32/Freemake.A potenciálně nechtěná aplikace vyléčen smazáním
C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMakerEx.exe varianta infiltrace MSIL/MovieZilla.B potenciálně nechtěná aplikace vyléčen smazáním
C:\Program Files (x86)\Windows Live\Photo Gallery\Output_CMM\FaceBookUpload.exe varianta infiltrace MSIL/MovieZilla.A potenciálně nechtěná aplikace vyléčen smazáním
C:\Program Files (x86)\Windows Live\Photo Gallery\OutPut_Free\FaceBookUpload.exe varianta infiltrace MSIL/MovieZilla.A potenciálně nechtěná aplikace vyléčen smazáním
E:\Dropbox\Brácha\Střih videa\UPDATE11-Adobe Premiere Pro CC 2017.1 11.1.0.222 RePack by KpoJIuK.iso více hrozeb,NSIS/TrojanDropper.Addrop.B trojský kůň,Win32/Adware.HiRu.G aplikace,je v pořádku

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check my log

#10 Post by Conder »

→ Run this fixlist as well:

→ Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    
    Folder: C:\Users\Public\Speedup Sessions
    Folder: C:\Program Files\S2G9BEIMIR
    Folder: C:\Users\Lubomir\AppData\Roaming\jldgp2nt5f5
    Folder: C:\Program Files (x86)\Freemake
    Folder: C:\Program Files (x86)\Windows Live
    
    2018-11-07 21:34 - 2018-11-07 21:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign53f4723f67ad5804
    2018-11-07 21:23 - 2018-11-07 21:23 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsign44b51582ecfe9b31
    2018-11-07 20:34 - 2018-11-07 20:34 - 000000000 ____D C:\Users\Lubomir\AppData\Local\Tempzxpsigna19744f587b9ce8f
    
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop), copy its contents here

Lubosh001
Visitor
Posts: 6
Registered: 09 Nov 2018 23:36

Re: Infected. Please check my log

#11 Post by Lubosh001 »

The Fixlog is too big. I'm attaching it.

Thanks
Attachments
Fixlog.zip
(31.04 KiB) Downloaded 53 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Infected. Please check my log

#12 Post by Conder »

→ Please post both new FRST logs.

→ How is the PC doing? Has anything changed, or are there still any problems?