
Requesting a check

yriv
Visitor
Posts: 7
Registered: 20 Mar 2019 07:50

Requesting a check

#1 Post by yriv »

Hello, please take a look. Since yesterday the PC boots normally, but after a while everything seems to freeze and the antivirus turns off. Only safe mode works; System Restore does not work, it always tells me it failed.

Logfile of random's system information tool 1.10 (written by random/random)
Run by ToM at 2019-03-20 07:57:36
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 163 GB (34%) free of 477 GB
Total RAM: 3575 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:47, on 20. 3. 2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ToM\Desktop\RSIT.exe
C:\Program Files\trend micro\ToM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~1\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ShadowPlay] "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTOS
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\72.0.3626.121\elevation_service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MRAC Service (mracsvc) - LLC Mail.Ru - C:\Windows\System32\mracsvc.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 6659 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\fwzwd0n3.default-1535921260799

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"detgdp@gmail.com"=C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\ok13uiwk.default\extensions\detgdp@gmail.com
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.142 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_142.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]
"Description"=15.0.1.13
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~1\SPYWAR~1\STINTE~1.DLL [2015-07-28 1255248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-01-04 10021480]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2016-11-17 67384]
"SpywareTerminatorShield"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2017-03-03 5349128]
"SpywareTerminatorUpdater"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2017-03-03 5585664]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"ShadowPlay"=C:\Windows\system32\nvspcap.dll [2017-09-19 1505728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2018-09-10 13797712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2011-08-15 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2019-03-19 07:49:23 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2019-03-20 07:57:36 ----D---- C:\Program Files\trend micro
2019-03-20 07:36:15 ----D---- C:\Program Files\Mozilla Firefox
2019-03-20 07:34:11 ----D---- C:\Windows\temp
2019-03-20 07:21:33 ----D---- C:\ProgramData\NVIDIA
2019-03-20 07:21:12 ----D---- C:\Program Files\Hi-Rez Studios
2019-03-19 08:02:11 ----SHD---- C:\Windows\Installer
2019-03-19 08:02:11 ----HD---- C:\Config.Msi
2019-03-19 08:02:01 ----SHD---- C:\System Volume Information
2019-03-19 08:01:47 ----D---- C:\Program Files\Google
2019-03-19 08:01:16 ----D---- C:\Windows\Prefetch
2019-03-19 07:59:03 ----D---- C:\Windows\inf
2019-03-19 07:58:36 ----D---- C:\Windows
2019-03-19 07:44:33 ----D---- C:\Program Files\Opera
2019-03-19 07:43:21 ----D---- C:\Windows\SoftwareDistribution
2019-03-19 07:42:51 ----D---- C:\Windows\Minidump
2019-03-19 07:36:58 ----A---- C:\Users\ToM\AppData\Roaming\CamShapes.ini
2019-03-19 07:36:58 ----A---- C:\Users\ToM\AppData\Roaming\CamLayout.ini
2019-03-19 07:36:58 ----A---- C:\Users\ToM\AppData\Roaming\Camdata.ini
2019-03-19 07:19:05 ----D---- C:\ProgramData\Spyware Terminator
2019-03-18 13:17:17 ----D---- C:\Windows\system32\config
2019-03-18 08:07:57 ----D---- C:\Windows\system32\catroot2
2019-03-04 18:56:09 ----D---- C:\Program Files\Steam
2019-03-02 07:22:05 ----D---- C:\Program Files\Common Files\Steam
2019-02-26 20:40:53 ----D---- C:\Users\ToM\AppData\Roaming\uTorrent
2019-02-25 07:50:27 ----D---- C:\Windows\System32
2019-02-25 07:50:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-02-23 15:36:49 ----A---- C:\Windows\system32\mracsvc.exe
2019-02-23 12:57:56 ----D---- C:\Users\ToM\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-19 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-17 218688]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-01-26 32256]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-01-26 52224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
R3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2017-06-21 50296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-12-24 327784]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
S1 MpKsl95ab5e85;MpKsl95ab5e85; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\MpKsl95ab5e85.sys [2019-03-19 49504]
S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
S2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\ToM\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-01-04 3358120]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 mracdrv;MRAC Driver; C:\Windows\System32\drivers\mracdrv.sys [2019-02-23 8134568]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver.sys []
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2017-09-16 183896]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-09-19 27584]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2017-10-11 44992]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2016-03-28 45056]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 67384]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 390416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [2017-09-20 9728]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11 466368]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-09-16 425592]
S2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-09-19 449984]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2017-03-15 2133768]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EasyAntiCheat;EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [2017-10-03 382504]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files\Google\Chrome\Application\72.0.3626.121\elevation_service.exe [2019-03-01 1043440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2019-02-10 217040]
S3 mracsvc;MRAC Service; C:\Windows\System32\mracsvc.exe [2019-02-23 8869528]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11 466368]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 Origin Client Service;Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2016-08-09 2122248]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2019-02-18 1693472]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a check

#2 Post by JaRon »

Hi,
1. What about the legality of the W7? :???:
2. Scan with AVPTool
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

yriv
Visitor
Posts: 7
Registered: 20 Mar 2019 07:50

Re: Requesting a check

#3 Post by yriv »

An acquaintance built the PC years ago, so honestly I don't know.
I ran the scan; the program found some adware, but after deleting it the problem persists.

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a check

#4 Post by JaRon »

Clean the PC with ADWCleaner and post both FRST logs after the cleanup.

yriv
Visitor
Posts: 7
Registered: 20 Mar 2019 07:50

Re: Requesting a check

#5 Post by yriv »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-03-2019
Ran by ToM (administrator) on TOM-PC (21-03-2019 07:37:58)
Running from C:\Users\ToM\Desktop
Loaded Profiles: ToM (Available Profiles: ToM)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angličtina (USA)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10021480 2011-01-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) [File not signed]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997408 2010-11-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [5349128 2017-03-03] (Crawler Group, LLC -> Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5585664 2017-03-03] (Crawler Group, LLC -> Crawler Group, LLC)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) [File not signed]
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1505728 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd -> DT Soft Ltd)
HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-11-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1D2228EB-8F05-43B7-905D-D7A0FC61BF1F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3048799603-1129691480-120217510-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3048799603-1129691480-120217510-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3048799603-1129691480-120217510-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3048799603-1129691480-120217510-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files\Spyware Terminator\STInternetGuard.dll [2015-07-28] (Crawler Group, LLC -> Crawler Group, LLC)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fwzwd0n3.default-1535921260799
FF ProfilePath: C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\fwzwd0n3.default-1535921260799 [2019-03-21]
FF Extension: (Video DownloadHelper) - C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\fwzwd0n3.default-1535921260799\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-09-04]
FF Extension: (No Name) - C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\fwzwd0n3.default-1535921260799\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-03-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-02] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\ToM\AppData\Roaming\Mozilla\Firefox\Profiles\ok13uiwk.default\extensions\detgdp@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-11-09] [Legacy] [not signed]
FF HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-17] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-09-16] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-09-16] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin: @real.com/nprjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-02-02] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-02-02] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-02-02] (RealNetworks, Inc.) [File not signed]
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2012-02-02] (RealNetworks, Inc.) [File not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default [2019-03-19]
CHR Extension: (Dokumenty) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-01]
CHR Extension: (Google Drive) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-26]
CHR Extension: (YouTube) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-26]
CHR Extension: (Adblock Plus) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-20]
CHR Extension: (Tabuľky) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-01]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-01]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2017-04-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-01]
CHR Extension: (Gmail) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\ToM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-20]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-02-02]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.delta-homes.com/?type=sc&ts=1419578 ... 2438324383

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [382504 2017-10-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-20] (Hi-Rez Studios) [File not signed]
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [8869528 2019-02-23] (Mail.Ru LLC -> LLC Mail.Ru)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation -> Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2122248 2016-08-09] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2133768 2017-03-15] (Crawler Group, LLC -> Crawler Group, LLC)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] (Giga-Byte Technology -> )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-17] (DT Soft Ltd -> DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [25160 2007-08-07] (Elaborate Bytes AG -> Elaborate Bytes AG)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32256 2011-01-26] (Etron Technology, Inc. -> Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52224 2011-01-26] (Etron Technology, Inc. -> Etron Technology Inc)
S3 EverestDriver; C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [7168 2005-08-17] () [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation -> Microsoft Corporation)
S1 MpKsl95ab5e85; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\MpKsl95ab5e85.sys [49504 2019-03-19] () [File not signed]
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation -> Microsoft Corporation)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [8134568 2019-02-23] (Mail.Ru LLC -> LLC Mail.Ru)
S2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44992 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [50296 2017-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 s716bus; C:\Windows\System32\DRIVERS\s716bus.sys [83208 2007-04-04] (MCCI Corporation -> MCCI Corporation)
S3 s716mdfl; C:\Windows\System32\DRIVERS\s716mdfl.sys [15112 2007-04-04] (MCCI Corporation -> MCCI Corporation)
S3 s716mdm; C:\Windows\System32\DRIVERS\s716mdm.sys [108552 2007-04-04] (MCCI Corporation -> MCCI Corporation)
S3 s716mgmt; C:\Windows\System32\DRIVERS\s716mgmt.sys [100360 2007-04-04] (MCCI Corporation -> MCCI Corporation)
S3 s716obex; C:\Windows\System32\DRIVERS\s716obex.sys [98568 2007-04-04] (MCCI Corporation -> MCCI Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net GmbH -> Tunngle.net)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 ALSysIO; \??\C:\Users\ToM\AppData\Local\Temp\ALSysIO.sys [X] <==== ATTENTION
U2 eamonm; no ImagePath
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 07:37 - 2019-03-21 07:38 - 000020396 _____ C:\Users\ToM\Desktop\FRST.txt
2019-03-21 07:37 - 2019-03-21 07:37 - 000000000 ____D C:\FRST
2019-03-21 07:36 - 2019-03-21 07:36 - 001793024 _____ (Farbar) C:\Users\ToM\Desktop\FRST.exe
2019-03-21 07:27 - 2019-03-21 07:27 - 000000288 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2019-03-21 07:24 - 2019-03-21 07:24 - 007316688 _____ (Malwarebytes) C:\Users\ToM\Downloads\adwcleaner_7.2.7.0.exe
2019-03-20 09:10 - 2019-03-20 11:20 - 000000000 ____D C:\KVRT_Data
2019-03-20 09:09 - 2019-03-20 09:09 - 158769448 _____ (AO Kaspersky Lab) C:\Users\ToM\Downloads\KVRT.exe
2019-03-19 07:49 - 2019-03-21 07:28 - 000886228 _____ C:\Windows\ntbtlog.txt
2019-03-18 15:05 - 2019-03-18 15:05 - 007505920 _____ C:\Users\ToM\Desktop\4.avi
2019-03-18 14:36 - 2019-03-18 14:36 - 009658368 _____ C:\Users\ToM\Desktop\1.avi
2019-03-01 10:00 - 2019-03-01 10:00 - 000078474 _____ C:\Users\ToM\Desktop\ako-si-poradit-s-uzkostou-2.pdf
2019-02-23 12:27 - 2019-02-23 12:52 - 000000000 ____D C:\Users\ToM\Desktop\American.Honey.2016.HDRip.XviD.AC3-EVO

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-21 07:38 - 2016-11-19 16:17 - 000000000 ____D C:\Users\ToM\AppData\LocalLow\Mozilla
2019-03-21 07:35 - 2017-07-01 05:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-21 07:26 - 2014-12-26 10:11 - 000000000 ____D C:\AdwCleaner
2019-03-20 11:34 - 2011-06-16 17:31 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-20 11:32 - 2017-10-03 12:15 - 000000000 ____D C:\Program Files\Hi-Rez Studios
2019-03-20 11:31 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-20 11:30 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-20 11:30 - 2009-07-14 05:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-20 11:28 - 2014-10-13 18:47 - 000000000 ____D C:\ProgramData\Spyware Terminator
2019-03-20 07:57 - 2015-11-06 20:40 - 000000000 ____D C:\Program Files\trend micro
2019-03-19 08:01 - 2011-06-19 11:09 - 000000000 ____D C:\Program Files\Google
2019-03-19 07:59 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-03-19 07:44 - 2011-06-16 12:20 - 000000000 ____D C:\Program Files\Opera
2019-03-19 07:42 - 2011-06-16 12:33 - 000000000 ____D C:\Windows\Minidump
2019-03-19 07:36 - 2014-02-28 21:28 - 000004545 _____ C:\Users\ToM\AppData\Roaming\CamStudio.cfg
2019-03-19 07:36 - 2014-02-28 21:28 - 000000408 _____ C:\Users\ToM\AppData\Roaming\CamShapes.ini
2019-03-19 07:36 - 2014-02-28 21:28 - 000000408 _____ C:\Users\ToM\AppData\Roaming\CamLayout.ini
2019-03-19 07:36 - 2014-02-28 21:28 - 000000096 _____ C:\Users\ToM\AppData\Roaming\Camdata.ini
2019-03-19 07:36 - 2014-02-28 21:27 - 000000096 _____ C:\Users\ToM\AppData\Roaming\version2.xml
2019-03-19 07:16 - 2009-07-14 05:53 - 000032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-03-18 15:13 - 2014-02-28 21:27 - 000000000 ____D C:\Users\ToM\Documents\My CamStudio Temp Files
2019-03-18 15:06 - 2014-02-28 21:27 - 000000000 ____D C:\Users\ToM\Documents\My CamStudio Videos
2019-03-10 16:52 - 2011-06-18 06:59 - 000000000 ____D C:\Users\ToM\AppData\Local\Paint.NET
2019-03-04 18:56 - 2013-09-16 18:03 - 000000000 ____D C:\Program Files\Steam
2019-03-04 18:54 - 2017-03-19 12:32 - 000000000 ____D C:\Users\ToM\AppData\Local\CrashDumps
2019-03-02 09:38 - 2019-02-01 09:06 - 000000000 ____D C:\Users\ToM\Documents\Euro Truck Simulator 2
2019-03-02 07:22 - 2011-06-18 13:45 - 000000000 ____D C:\Program Files\Common Files\Steam
2019-03-01 15:41 - 2017-09-12 06:31 - 000000000 ____D C:\Users\ToM\dwhelper
2019-02-26 20:40 - 2017-03-05 13:42 - 000000000 ____D C:\Users\ToM\AppData\Roaming\uTorrent
2019-02-25 07:50 - 2011-06-16 17:28 - 000785526 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-23 15:36 - 2017-10-13 09:39 - 008134568 _____ (LLC Mail.Ru) C:\Windows\system32\Drivers\mracdrv.sys
2019-02-23 15:36 - 2017-10-13 09:38 - 008869528 _____ (LLC Mail.Ru) C:\Windows\system32\mracsvc.exe
2019-02-23 15:08 - 2011-06-16 16:06 - 000000000 ____D C:\Users\ToM\AppData\Local\SecondLife
2019-02-23 12:57 - 2015-01-19 20:26 - 000000000 ____D C:\Users\ToM\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2014-05-28 07:06 - 2014-05-28 07:06 - 000000000 ____D () C:\Users\ToM\zal.reg
2013-03-30 12:16 - 2013-03-30 12:27 - 000000004 _____ () C:\Users\ToM\AppData\Roaming\AltShell.ini
2014-01-26 11:02 - 2017-03-05 13:09 - 000000000 _____ () C:\Users\ToM\AppData\Roaming\bitlord_log.txt
2014-02-28 21:28 - 2019-03-19 07:36 - 000000096 _____ () C:\Users\ToM\AppData\Roaming\Camdata.ini
2014-02-28 21:28 - 2019-03-19 07:36 - 000000408 _____ () C:\Users\ToM\AppData\Roaming\CamLayout.ini
2014-02-28 21:28 - 2019-03-19 07:36 - 000000408 _____ () C:\Users\ToM\AppData\Roaming\CamShapes.ini
2014-02-28 21:28 - 2019-03-19 07:36 - 000004545 _____ () C:\Users\ToM\AppData\Roaming\CamStudio.cfg
2014-02-28 21:27 - 2019-03-19 07:36 - 000000096 _____ () C:\Users\ToM\AppData\Roaming\version2.xml
2014-04-19 09:57 - 2014-04-19 09:57 - 000000000 ___SH () C:\Users\ToM\AppData\Local\LumaEmu
2017-03-05 13:12 - 2017-03-05 13:12 - 000000218 _____ () C:\Users\ToM\AppData\Local\recently-used.xbel
2011-10-23 20:35 - 2011-10-23 20:35 - 000007597 _____ () C:\Users\ToM\AppData\Local\Resmon.ResmonCfg
2011-06-16 16:47 - 2012-08-28 13:52 - 000076503 _____ () C:\Users\ToM\AppData\Local\SRDownloader.err
2012-04-18 14:01 - 2012-04-18 14:01 - 000000040 _____ () C:\Users\ToM\AppData\Local\SRDownloader.log
2011-06-16 16:47 - 2012-09-23 11:20 - 000001368 _____ () C:\Users\ToM\AppData\Local\SRDownloader.nast
2017-08-14 12:35 - 2017-08-14 12:36 - 000000000 _____ () C:\Users\ToM\AppData\Local\{24799CF6-8BE5-4389-8E6A-1853AE752C00}

Files to move or delete:
====================
C:\Users\ToM\AppData\Roaming\AltShell.ini


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-15 17:01

==================== End of FRST.txt ============================

yriv
Visitor
Posts: 7
Registered: 20 Mar 2019 07:50

Re: Please check

#6 Post by yriv »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by ToM (21-03-2019 07:39:02)
Running from C:\Users\ToM\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2011-06-16 16:10:51)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3048799603-1129691480-120217510-500 - Administrator - Disabled)
Guest (S-1-5-21-3048799603-1129691480-120217510-501 - Limited - Disabled)
ToM (S-1-5-21-3048799603-1129691480-120217510-1000 - Administrator - Enabled) => C:\Users\ToM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0015-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0019-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001A-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-040E-0000-0000000FF1CE}_ENTERPRISE_{573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0044-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-006E-041B-0000-0000000FF1CE}_ENTERPRISE_{8AF3A9EB-FBB9-449F-AC11-94CE39930037}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-00A1-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-00BA-041B-0000-0000000FF1CE}_ENTERPRISE_{F69A7281-8297-47E2-B583-36EAA37C89EE}) (Version: - Microsoft) Hidden
32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDB_Software (HKLM\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Aktualizácie NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
BitLord 2.5 (HKLM\...\BitLord) (Version: 2.4.5-316 - House of Life)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Caesar IV (HKLM\...\{B7666229-351B-47D9-AA6F-DF777CF04BBF}) (Version: 1.1 - Tilted Mill Entertainment)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cities XL 2012 (HKLM\...\Cities XL 2012) (Version: 1.0.0 - Focus Home Interactive)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Copy (HKLM\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Český dabing do hry Dear Esther (HKLM\...\Český dabing do hry Dear Esther) (Version: - )
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dear Esther (HKLM\...\Dear Esther_is1) (Version: - )
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DiRT 3 (HKLM\...\{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (HKLM\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DocProc (HKLM\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F1 2014 (HKLM\...\RjEyMDE0_is1) (Version: 1 - )
Fax (HKLM\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firestorm-Release (HKLM\...\Firestorm-Release) (Version: 5.1.7.55786 - The Phoenix Firestorm Project, Inc.)
Free AVI Video Converter version 5.0.16.821 (HKLM\...\Free AVI Video Converter_is1) (Version: 5.0.16.821 - DVDVideoSoft Ltd.)
GameRanger (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\GameRanger) (Version: - GameRanger Technologies)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 72.0.3626.121 - Spoločnosť Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (HKLM\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM\...\{5454083B-1308-4485-BF17-1110000D8302}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HiPatch (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.6.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IGdm 2.6.1 (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\1ead4f81-c61a-5fa6-9e81-7a8c0c868952) (Version: 2.6.1 - ifedapo olarewaju)
Image Grabber II (HKLM\...\Image Grabber II) (Version: - )
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Life Is Strange Episode 5 (HKLM\...\Life Is Strange Episode 5_is1) (Version: - )
Mafia II DLC Jimmy's Vendetta (HKLM\...\Mafia II DLC Jimmy's Vendetta_is1) (Version: - )
Mafia II DLC Joe's Adventures (HKLM\...\Mafia II_is1) (Version: - )
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 65.0 (x86 sk) (HKLM\...\Mozilla Firefox 65.0 (x86 sk)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.0.6963 - Mozilla)
My.com Game Center (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\MyComGames) (Version: 3.215 - My.com B.V.)
Nero 7 Ultra Edition (HKLM\...\{91C0B95B-B83A-4828-A775-BBE2DD421051}) (Version: 7.02.9752 - Nero AG)
Network (HKLM\...\{75247E38-5C9B-45D6-ADF8-E11CB56B4990}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NHL 2004 (HKLM\...\{4816702A-0879-4499-0085-ACFC0F65E811}) (Version: - )
NVIDIA 3D Vision radič ovládača 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Grafický ovládač 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.69 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
ON_OFF Charge B11.0110.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera Stable 31.0.1889.174 (HKLM\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Origin (HKLM\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden
oZone3D.Net FurMark v1.7.0 (HKLM\...\oZone3D.Net FurMark_is1) (Version: - oZone3D.Net)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
Podpora Apple aplikácií (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Remember Me (HKLM\...\Remember Me_is1) (Version: 1.0.1 - Capcom)
Ruinsta version 0.0.2 (HKLM\...\{0BAB939C-6C75-43BF-A696-722A064DF567}_is1) (Version: 0.0.2 - Sapeks)
Scan (HKLM\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SecondLifeViewer (HKLM\...\SecondLifeViewer) (Version: 6.0.1.522263 - Linden Research, Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SHOUTcast DSP Plug-in v2 (HKLM\...\SHOUTcast) (Version: - )
SmartWebPrinting (HKLM\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
Status (HKLM\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.18.2 (HKLM\...\Stellarium_is1) (Version: 0.18.2 - Stellarium team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.0 - TeamSpeak Systems GmbH)
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 4 (HKLM\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.29.69.1020 - Electronic Arts Inc.)
This War of Mine (HKLM\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Time Adjuster STANDARD 3.1 (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\TimeAdjuster) (Version: - IrekSoftware.com)
Toolbox (HKLM\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
TruckersMP 0.2.1.0.1 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.0.1 Alpha - ETS2MP Team)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
vs2015_redist x86 (HKLM\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.1.632 (HKLM\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Warface My.Com (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\Warface My.Com) (Version: 1.48 - My.com B.V.)
WebReg (HKLM\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3048799603-1129691480-120217510-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WRC 4 FIA World Rally Championship (HKLM\...\V1JDNEZJQVdvcmxkUmFsbHlDaGFtcGlvbnNoaXA=_is1) (Version: 1 - )
Youtube Downloader 4.65 (HKLM\...\Youtube Downloader_is1) (Version: - Youtube Downloader)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-3048799603-1129691480-120217510-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217848 2009-02-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2015-07-01] (Crawler Group, LLC -> Crawler Group)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] () [File not signed]
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2015-07-01] (Crawler Group, LLC -> Crawler Group)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2010-11-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] () [File not signed]
ContextMenuHandlers5: [DreamScene] -> {BE800AEB-A440-4B63-94CD-AA6B43647DF9} => C:\Windows\System32\DreamScene.dll [2011-08-15] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll [2015-07-01] (Crawler Group, LLC -> Crawler Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A4275A4-4294-462C-B505-C555763A24A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {0FACD090-913A-4185-B560-0770EE5DE748} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {103343D9-FEF0-43CD-80FA-EF04A410C6DD} - \User_Feed_Synchronization-{CD0398FE-AEA4-4CFC-A197-0C5EF333F009} -> No File <==== ATTENTION
Task: {2D99493E-363F-4FED-A25B-FEC08D6ECC9E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {422CFB8F-454C-48B5-860C-422781D699AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4BDB9F54-1BBC-4F20-BEED-65F1DAF89ACF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3048799603-1129691480-120217510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4C5437E4-12FC-4FE0-8FD7-12832C2C50FB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4C5DEAA4-F6E4-4CA3-AE71-C3F85128DAD0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4EC41663-F1FB-4787-B3EC-7ED1ACC19C3B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {528B6BB1-BD4A-41AF-B996-4A7262DDF055} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {6DBB2503-3E10-483E-8424-6D58CE058FB5} - System32\Tasks\RealCreateProcessScheduledTask460265S-1-5-21-3048799603-1129691480-120217510-1000 => C:\Program Files\Real\RealPlayer\realplay.exe
Task: {733D9ED4-1C26-4715-9C59-86EF6BD0BD30} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {756098D4-AEEE-4523-9EA1-51538DB33228} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {766F0945-3802-49F5-8CD1-65CB3573657F} - System32\Tasks\RealDownloader Update Check => C:\Program Files\Real\RealDownloader\downloader2.exe
Task: {7C1C2F7C-57E8-4928-B182-EFE30F2806A4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7FF6485C-E6FE-4CD0-ACC4-9C4FC7B7729F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {80244EAC-6472-480E-BD77-E9A9291A6510} - System32\Tasks\Opera scheduled Autoupdate 1421436046 => C:\Program Files\Opera\launcher.exe (Opera Software ASA -> Opera Software)
Task: {85697CE1-DFBF-423E-9ED8-A837A872AFF2} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8B7B2A25-915F-4A5B-B8AF-B97426C12ED5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {90BDDF88-53AB-4112-9452-F411575AE711} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3048799603-1129691480-120217510-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A3620513-1B71-4260-80CE-A6645D417CFF} - System32\Tasks\{98F14612-B728-4CBD-B96C-9A1E3CC7DB18} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\6C82D11B00011508005484B8F875EF7E\6C82D11B00011508005484B8F875EF7E.exe -c -u
Task: {B30043D5-E7D3-49E5-AF02-8781D31F17AF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B5EA97E7-5CF4-4307-9191-9FF33569330C} - \{C22AB329-14C4-4333-B1E2-BE265F93BFC6} -> No File <==== ATTENTION
Task: {F8FA2264-E6AD-42A0-AD67-B2EFFE286910} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\ToM\Downloads\adwcleaner_7.2.7.0.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-07-30 07:19 - 2014-07-30 07:19 - 000097280 _____ () C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2011-08-15 14:16 - 2011-08-15 14:28 - 000233888 _____ () C:\Windows\System32\DreamScene.dll
2003-02-21 14:42 - 2003-02-21 14:42 - 000348160 _____ () C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
2003-03-18 20:12 - 2003-03-18 20:12 - 001047552 _____ () C:\Program Files\Common Files\Ahead\Lib\MFC71U.DLL
2003-03-19 06:14 - 2003-03-19 06:14 - 000499712 _____ () C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
2011-06-16 15:32 - 2011-05-28 21:04 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-18 17:08 - 2010-11-18 17:08 - 000055808 _____ () C:\Program Files\7-Zip\7-zip.dll
2003-03-19 06:20 - 2003-03-19 06:20 - 001060864 _____ () C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ToM:Heroes & Generals [38]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2017-04-26 06:03 - 000000098 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Windows Live\Shared;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3048799603-1129691480-120217510-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{6F2D6CBC-E2B2-4D95-8407-C5FE4534B354}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F1B900FA-0DCE-4EB0-8813-C3CC6BEBB5A3}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{B15341F6-6D7A-41F3-A2DE-EDF67863E230}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{4F9D03BD-DA67-4190-9644-C611F3AFB958}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [TCP Query User{507DB47D-A83A-49E6-A860-0CD345EE66FB}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files\spyware terminator\spywareterminatorupdate.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [UDP Query User{45C1FB8A-A8EC-4F37-BBD3-E74495150ACD}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files\spyware terminator\spywareterminatorupdate.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [TCP Query User{75F99C3C-6E5A-487A-98B8-4E82D162A7B9}C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Technologies)
FirewallRules: [UDP Query User{9FCD013A-D085-4C5F-A247-17F4A644EEC3}C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Technologies)
FirewallRules: [{B4E030E9-5AAD-4B81-8A37-1134A8F88893}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9869A078-CBB8-4E6D-9B4D-CF9BEC949929}] => (Allow) LPort=2869
FirewallRules: [{6A9F1F4A-9914-437C-9DD1-8AE9B63B9746}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C56D7F01-9B78-4303-8E09-039FC8790820}C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Block) C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Technologies)
FirewallRules: [UDP Query User{2E18E527-6CA4-4261-A5BF-222AFDA998FA}C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Block) C:\users\tom\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Technologies)
FirewallRules: [TCP Query User{DDDD245F-BBD2-44B9-B94A-D51140BD674E}C:\program files\secondlifeviewer\slvoice.exe] => (Block) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [UDP Query User{C1CED88C-3E51-44D1-B5A8-393345FDDF74}C:\program files\secondlifeviewer\slvoice.exe] => (Block) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [{66F00F61-C056-46B3-94D8-71D2C4203CCD}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{49557E18-0451-4D93-8AEA-6C07E5B21305}] => (Allow) C:\Program Files\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{79EA7CE6-42E6-459D-B928-9DF201DA98B8}] => (Allow) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B76AA6BF-285C-4E27-A9DF-C204E31CB0F6}] => (Allow) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{EC018DA3-D591-4A2E-A489-424519F361DC}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [UDP Query User{E1A58AFE-04FC-4E4A-B7DE-285744E13963}C:\program files\secondlifeviewer\slvoice.exe] => (Allow) C:\program files\secondlifeviewer\slvoice.exe (Mercer Road Corp -> )
FirewallRules: [{883D59A2-C821-44BB-8DAA-286EEF26643E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EBC606AB-9C1C-46F1-816C-885D06A4DA13}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A20F5611-6D3E-4AC9-B165-4751CEBB2BD2}] => (Allow) C:\Program Files\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7EFAC3E0-E6C7-414D-97AC-F67A1F06339E}C:\program files\electronic arts\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\program files\electronic arts\fifa 14\fifa 14\game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [UDP Query User{AD3B03F6-F76A-4949-8F88-C051BEA9EEE1}C:\program files\electronic arts\fifa 14\fifa 14\game\fifa14.exe] => (Allow) C:\program files\electronic arts\fifa 14\fifa 14\game\fifa14.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{8626DF69-E6A9-4637-B9BA-972C5F4CEE2F}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{5F2CBE24-B7E9-41A2-825B-3CCCD0B82901}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{95204C3C-72AA-4898-B03F-849F86C709BD}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{57577925-D16E-4E2A-B4F9-F814DD43CAEF}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [TCP Query User{806E18D6-6A42-42A2-9674-5E34C4288AD3}C:\program files\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files\wrc 4 fia world rally championship\wrc4.exe (Milestone S.r.l.) [File not signed]
FirewallRules: [UDP Query User{AF704634-0298-4A80-8894-4561540508BF}C:\program files\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files\wrc 4 fia world rally championship\wrc4.exe (Milestone S.r.l.) [File not signed]
FirewallRules: [{D3B4E932-5737-4C1F-889A-1CA5CE0DCB0B}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminator.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [{0C0DD6F8-DEA2-49DD-A15B-860941B07BC0}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminator.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [{5B7418D1-F8D1-408F-A60D-961A9535E7D6}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [{45991CDC-1D31-418C-905B-CF7CC9B1FB80}] => (Allow) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler Group, LLC -> Crawler Group, LLC)
FirewallRules: [{C9DE8A5E-10C2-4FB3-A32F-1E15E9711D9C}] => (Allow) C:\Program Files\ES Skyrim\The Elder Scrolls V Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{803536E0-1E54-491D-9A2B-8E323BF4725B}] => (Allow) C:\Program Files\ES Skyrim\The Elder Scrolls V Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1075DCDD-B998-4F12-A67C-9005583D4C62}] => (Allow) C:\Program Files\ES Skyrim\The Elder Scrolls V Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{B736441C-9689-4402-9CA2-74EF7A9F5C13}] => (Allow) C:\Program Files\ES Skyrim\The Elder Scrolls V Skyrim\SkyrimLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{6FED29B2-475B-4CF7-9B8E-9994316178BC}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{33A969BF-A44C-4612-A0A9-9A0053807C84}] => (Allow) C:\WarThunder\launcher.exe (Gaijin Entertainment LLP -> Gaijin Entertainment)
FirewallRules: [{3977C93C-794D-4616-A878-64207233DCD1}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{883788B9-982C-4355-B6FF-642ABFEBDB86}] => (Allow) C:\WarThunder\bpreport.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{679AE1D0-0A6B-41A7-B8EC-E65DAE08021D}] => (Allow) LPort=80
FirewallRules: [{8AA8CF3D-18D3-4483-A2D3-2A3E62656C35}] => (Allow) LPort=443
FirewallRules: [{4AFBF20D-E830-4B5C-8C69-59838775A82A}] => (Allow) LPort=20010
FirewallRules: [{676AEBAF-707F-4678-BFC2-F17E0AAF65E5}] => (Allow) LPort=3478
FirewallRules: [{A9AC34F3-1ECA-4DBF-98B0-1D969F94102C}] => (Allow) LPort=7850
FirewallRules: [{34001EB2-5D13-4289-9841-522D9EB2112E}] => (Allow) LPort=7852
FirewallRules: [{F1A4D191-115F-45CF-AD75-D9D7DB03DFE8}] => (Allow) LPort=7853
FirewallRules: [{6B7D9804-FA54-46C0-97AC-4E1353A95CAB}] => (Allow) LPort=27022
FirewallRules: [{3CD9C702-8414-499B-B3D1-7FE56AEE4C33}] => (Allow) LPort=6881
FirewallRules: [{058C32E2-8511-45D0-976B-EF9B0704E0CB}] => (Allow) LPort=33333
FirewallRules: [{FA4FCFD1-1510-43A4-BE8D-C331D941F1A7}] => (Allow) LPort=20443
FirewallRules: [{B601C3A2-A5B5-4D95-B9D5-E2A86F98724C}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{9243825C-BBE6-46FC-9924-82EF435DC028}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [UDP Query User{AF5E3E9E-46C5-4C94-8BC4-9B99D9AF29DD}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe (Gaijin Entertainment LLP -> )
FirewallRules: [{AC45F782-2AC4-4BEA-81AE-A9821AC8B741}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{6F6DA286-075F-48FF-A138-88B125C4A404}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{34FC5915-4954-49DF-904C-32FE04AABE5D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{376627E2-AC08-47D3-8B7C-943FEDB8DC3A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{01472A51-B028-41BC-91E6-6BA4DE2EEE2D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{95067902-C188-47B9-B56C-EECD8F5F7C88}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{C9732E65-3086-435B-966E-16069B783163}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{436729B6-988E-41EC-82FC-E1640584E10C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{05E9A660-401E-4208-8FC9-D93952067A38}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{8B6E99A8-4423-49A8-9723-DB2598FDD99D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{AFC0805D-D548-4CB9-A3EF-F684002737DA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{BDCE847E-B238-4A76-AF4D-78D69E75486D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{4B37EE40-B1A4-40F6-8CB9-E69F0358F63E}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{76AD622C-19E8-42B5-8FDA-1E74E45536CF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{4F3EDF6E-0CF1-4C3D-BD80-7C6DB8B9656F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{022EF8CE-1289-4278-B840-25E4E3759931}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7B6FB689-BD70-410D-921A-3FEABA3EF06E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{DC26FAEC-2354-4982-B23E-0521ECEB9B91}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{853F0593-C152-4000-BE6E-04CA9730DF58}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{B90258CD-AE97-4F66-B375-DB2262422D3C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{5A623719-86A4-4574-B92E-AA28B4BD27BF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{095BD61B-017E-4C97-BE18-6CF84E8D1F35}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DE6833C7-D2BA-4AB9-A279-F1573B0D63F5}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CFC01BC9-9A60-42A1-A1A7-1089CA6D40BB}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{BCB34251-C027-472C-9554-2EB5F3BD2792}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A8AC557D-F8F0-441A-A652-4FB31DAE94BC}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CF6B895A-8067-4F0D-90CC-5A6552E2852F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Warface\live\gflauncher.exe () [File not signed]
FirewallRules: [{F0407A0A-C85F-4AC3-B994-EB045EEC841E}] => (Allow) C:\Program Files\Steam\SteamApps\common\Warface\live\gflauncher.exe () [File not signed]
FirewallRules: [TCP Query User{B2E4A655-9569-4F0B-9565-F6D5B3DAF4BC}C:\users\tom\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\tom\appdata\local\mycomgames\mycomgames.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [UDP Query User{3A463FEF-CA91-465E-8427-97AB9828112F}C:\users\tom\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\tom\appdata\local\mycomgames\mycomgames.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [{B573BDAF-0677-4176-9A40-8EAF4CD53276}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FBB3A211-B193-4559-ACB6-70B02D97C9BF}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B51174E0-B77A-42BC-9CFD-E9D6D4ED233B}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{642D4F2D-51A2-4436-BDAB-ECF9FCA4A567}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6F1A8F5C-9E4D-435B-914F-5F3BD7797380}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A38A97F9-9252-4920-91D4-72D6D07E9C2A}] => (Allow) C:\Users\ToM\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BE43BC83-FE7E-47FD-B55D-CEE19033CF01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7DD79FC6-99CD-456A-A2C9-3E7ABAA5F40A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{95AB61B2-D0A4-4581-9E50-79C4D3A9FCF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C42CB0E2-5447-45C9-9DEA-6FAF5D5E6C28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{8578DDFF-E442-46B9-B80A-924C8F07AF99}C:\program files\thechineseroom\dear esther\dearesther.exe] => (Allow) C:\program files\thechineseroom\dear esther\dearesther.exe () [File not signed]
FirewallRules: [UDP Query User{46A7EE88-6880-4BED-8738-868814854651}C:\program files\thechineseroom\dear esther\dearesther.exe] => (Allow) C:\program files\thechineseroom\dear esther\dearesther.exe () [File not signed]
FirewallRules: [{0EF54365-89E5-4F14-AAB0-1164B73C2451}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E56295C-D0D8-49C4-BF41-3E0B8F590C18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E42F474C-41AE-413A-B31F-19216E3F7FFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{245911D7-45E8-465F-8480-0810B65B1864}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{287A8B9B-32C0-4AE0-B374-6FF7F31BD7C0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [{CCC8FEFB-3B48-49EF-9F61-C0B88226698E}] => (Allow) C:\Program Files\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe (Microsoft) [File not signed]
FirewallRules: [TCP Query User{52174A90-C5ED-419F-9AD5-81888E7D919C}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [UDP Query User{AD027BAA-3EA8-449E-B643-BAF00FA36B19}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.)
FirewallRules: [{D64A2D5C-8D7A-4FC1-93AF-4FBDBE6FC4DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{07337324-7413-4E15-B5A5-72D99D510B95}] => (Allow) C:\Program Files\Steam\SteamApps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [{BC2952AD-310E-4D1D-A7DF-73C18DD50506}] => (Allow) C:\Program Files\Steam\SteamApps\common\Warface\WarfaceMycomSteamLoader.exe (my.com .BV -> MY.COM B.V.)
FirewallRules: [TCP Query User{EE4A9E06-B2D2-42B3-BDE4-B29965426B00}C:\program files\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{B000B7B8-95FB-48AD-A41C-ECCE64240DF8}C:\program files\steam\steamapps\common\warface\mycomgames\mycomgames.exe] => (Allow) C:\program files\steam\steamapps\common\warface\mycomgames\mycomgames.exe (Mail.Ru, LLC -> )
FirewallRules: [{1E369444-4627-4D06-8581-A3C9668CB437}] => (Allow) C:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{C932D4BA-0A12-406C-8EA0-82F5709CF965}] => (Allow) C:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{610E3A52-CB6D-46C2-8150-0D8FE2B59619}] => (Allow) C:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{989C580A-26C8-4141-85CA-25884390B9DC}] => (Allow) C:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{E900A9F6-39BD-4030-B60E-38F3854625A3}C:\program files\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [UDP Query User{829FB6BE-0D90-47AE-95E7-89F635DB6560}C:\program files\steam\steamapps\common\warface\mycomgames\gamecenter.exe] => (Allow) C:\program files\steam\steamapps\common\warface\mycomgames\gamecenter.exe (Mail.Ru, LLC -> )
FirewallRules: [{663205EB-DCCE-4F07-860B-F4530F3563E4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{36525F75-846D-4C73-B219-7B757F951308}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B688A52B-F067-4425-B65F-2921C58C1622}C:\program files\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [UDP Query User{603A40E5-72E9-4453-A275-4A42DCA7FDA0}C:\program files\steam\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) C:\program files\steam\steamapps\common\warface\warface\bin32release\game.exe (Mail.Ru, LLC -> Crytek GmbH)
FirewallRules: [{5F397AF3-4C12-4381-8DDD-653AE14AAEDF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C815FFA1-241A-4F4B-940E-AF333443E3D2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{4011E251-975D-4800-8CF3-45E23099BC8B}] => (Allow) C:\Users\ToM\AppData\Local\Temp\andy-x86\Setup.exe No File
FirewallRules: [{58ED2600-0ECE-4D69-80BB-C4114B081B2E}] => (Allow) C:\Users\ToM\AppData\Local\Temp\andy-x86\Setup.exe No File
FirewallRules: [{6BD78BD3-6F85-4A31-A120-D31DF7AD7963}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{8C7A07D6-1723-4766-BC27-9DEDBC0B0588}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{AEC8DA58-5FFA-4AA1-A7DE-CAABA908D139}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{10BA54EC-945C-4598-8581-264341A11150}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{B9031BB5-5C90-41DE-9F46-31C841C283CF}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{A56E7A55-310A-4386-B33C-C146620361E0}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{74E046FA-C952-4B07-A900-D988B1DA386F}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{20A0AA61-D70E-4C45-A3A4-0300BFD21925}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{B78664EC-0622-4DF3-903B-B94248002AC0}] => (Allow) C:\Users\ToM\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{A4E7A950-F765-49EE-B648-442D86CAA8B5}] => (Allow) C:\Users\ToM\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{FE9DF759-025A-48F1-AC6C-39E497AD674C}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File
FirewallRules: [{5E6E8E72-B2A5-42BF-B414-E6D113D3C322}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File
FirewallRules: [{CF9A111D-E6B5-4CE5-95E9-EDB230F4E6E4}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File
FirewallRules: [{819CC5A6-B8B2-4661-98AA-4178438B3DFE}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File
FirewallRules: [TCP Query User{E9ACD4E8-A506-45AE-8C5F-72899B64F9DC}C:\program files\firestorm-release\slvoice.exe] => (Allow) C:\program files\firestorm-release\slvoice.exe () [File not signed]
FirewallRules: [UDP Query User{F6EDE089-ED25-4E4C-8604-5A5E5E44529F}C:\program files\firestorm-release\slvoice.exe] => (Allow) C:\program files\firestorm-release\slvoice.exe () [File not signed]
FirewallRules: [{D2E882AF-4089-42DD-8CBC-E923DCDD4331}] => (Allow) C:\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{5B5B89A9-27F5-469F-840E-514998AE6293}] => (Allow) C:\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{632A81CC-A55F-41C3-9309-49708A5811B6}] => (Allow) C:\Program Files\Steam\SteamApps\common\Paladins\Binaries\Win32\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{7B62ACEB-7A92-4785-AD65-ACF9453A7E27}] => (Allow) C:\Program Files\Steam\SteamApps\common\Paladins\Binaries\Win32\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{DB7386EF-8050-4381-8AEE-63991AF8C4FD}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{3C3F973F-8B1D-42EF-946B-FD682D491FE1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{C0780B97-3845-47B2-905D-E3D395F121DD}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{4D83CD6D-AB30-4E5E-BEF8-2DB9AC3B40EE}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{E5E576E2-267C-4B8D-9EDE-FB06BD68CEC7}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{89999BDF-3079-4E86-80AC-701E1697073B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FF31E617-442D-45AE-BE78-BFE0C81F1CCA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

07-03-2019 20:22:11 Windows Update
11-03-2019 08:02:35 Windows Update
15-03-2019 16:03:40 Windows Update
19-03-2019 07:27:17 Windows Update
19-03-2019 08:00:50 Removed Google Earth Pro
19-03-2019 08:01:57 Removed Google Earth Plug-in.

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2019 11:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: MsMpEng.exe, verzia: 3.0.8107.0, časová značka: 0x4cdc50ab
Názov chybového modulu: mpengine.dll, verzia: 1.1.15700.9, časová značka: 0x5c6dcbdf
Kód výnimky: 0xc0000005
Odstup chyby: 0x00585136
Identifikácia chybného procesu: 0x3b4
Čas spustenia chybnej aplikácie: 0x01d4df0720d14f12
Cesta chybnej aplikácie: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Cesta chybného modulu: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\mpengine.dll
Identifikácia hlásenia: 19581488-4afb-11e9-8a88-1c6f65d90db5

Error: (03/19/2019 08:32:18 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Vybratý bod obnovenia bol poškodený alebo odstránený počas obnovovania (Windows Update).

Error: (03/19/2019 08:26:58 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Vybratý bod obnovenia bol poškodený alebo odstránený počas obnovovania (Windows Update).

Error: (03/19/2019 07:59:39 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Vybratý bod obnovenia bol poškodený alebo odstránený počas obnovovania (Windows Update).

Error: (03/19/2019 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: MsMpEng.exe, verzia: 3.0.8107.0, časová značka: 0x4cdc50ab
Názov chybového modulu: mpengine.dll, verzia: 1.1.15700.9, časová značka: 0x5c6dcbdf
Kód výnimky: 0xc0000005
Odstup chyby: 0x00585136
Identifikácia chybného procesu: 0x3b0
Čas spustenia chybnej aplikácie: 0x01d4de1e74d993cb
Cesta chybnej aplikácie: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Cesta chybného modulu: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\mpengine.dll
Identifikácia hlásenia: a933057d-4a12-11e9-b6bb-1c6f65d90db5

Error: (03/19/2019 07:37:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: MsMpEng.exe, verzia: 3.0.8107.0, časová značka: 0x4cdc50ab
Názov chybového modulu: mpengine.dll, verzia: 1.1.15700.9, časová značka: 0x5c6dcbdf
Kód výnimky: 0xc0000005
Odstup chyby: 0x00585136
Identifikácia chybného procesu: 0x3ac
Čas spustenia chybnej aplikácie: 0x01d4de1d728b0d7c
Cesta chybnej aplikácie: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Cesta chybného modulu: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\mpengine.dll
Identifikácia hlásenia: 7c5b6428-4a11-11e9-8cc1-1c6f65d90db5

Error: (03/19/2019 07:30:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: MsMpEng.exe, verzia: 3.0.8107.0, časová značka: 0x4cdc50ab
Názov chybového modulu: mpengine.dll, verzia: 1.1.15700.9, časová značka: 0x5c6dcbdf
Kód výnimky: 0xc0000005
Odstup chyby: 0x00585136
Identifikácia chybného procesu: 0x3ac
Čas spustenia chybnej aplikácie: 0x01d4de1b406d127a
Cesta chybnej aplikácie: c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
Cesta chybného modulu: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90910165-A896-4B79-B578-7D54B5651615}\mpengine.dll
Identifikácia hlásenia: 76acffe2-4a10-11e9-8623-1c6f65d90db5

Error: (03/18/2019 01:03:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\Steam\steamapps\common\Paladins\Binaries\Win64\ShippingPC-ChaosGame.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/21/2019 07:40:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.

Error: (03/21/2019 07:40:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.

Error: (03/21/2019 07:40:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.

Error: (03/21/2019 07:40:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.

Error: (03/21/2019 07:40:10 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Pri pokuse programu Microsoft Antimalware o aktualizáciu podpisov sa vyskytla chyba.

Nová verzia podpisu:

Predchádzajúca verzia podpisu: 1.289.1521.0

Zdroj aktualizácie: Server aktualizácií od spoločnosti Microsoft

Etapa aktualizácie: Hľadať

Zdrojová cesta: Default URL

Typ podpisu: AntiVirus

Typ aktualizácie: Úplná

Používateľ: NT AUTHORITY\SYSTEM

Aktuálna verzia nástroja:

Predchádzajúca verzia nástroja: 1.1.15700.9

Kód chyby: 0x8007043c

Popis chyby: Túto službu nie je možné spustiť v núdzovom režime.

Error: (03/21/2019 07:40:10 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/21/2019 07:36:42 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service NVDisplay.ContainerLocalSystem with arguments "" in order to run the server:
{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (03/21/2019 07:28:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby Server, od ktorej závisí služba Computer Browser, zlyhalo kvôli nasledujúcej chybe:
Závislú službu alebo skupinu sa nepodarilo spustiť.


Windows Defender:
===================================
Date: 2013-03-30 13:07:00.243
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{F4915F11-78C4-4FB5-8F96-D71230331C2A}
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2013-03-30 12:53:55.499
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{14CE9ADA-87DB-4DBB-98E1-D187D1D93477}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2011-08-12 13:38:15.731
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Low
Category:Adware
Path Found:containerfile:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe;file:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe->(inno#000028);process:pid:316;webfile:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe|http://ftp.stahuj.cz/dl/19ebe3af57e7090 ... tup2.9.exe
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files\Mozilla Firefox\firefox.exe

Date: 2011-08-12 13:37:51.697
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Low
Category:Adware
Path Found:containerfile:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe;file:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe->(inno#000028);webfile:C:\Users\ToM\Downloads\VDownloaderSetup2.9.exe|http://ftp.stahuj.cz/dl/19ebe3af57e7090 ... tup2.9.exe
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files\Mozilla Firefox\firefox.exe

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 3575.24 MB
Available physical RAM: 2024.89 MB
Total Virtual: 7148.77 MB
Available Virtual: 5675.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:158.76 GB) NTFS

\\?\Volume{c2dced7b-9832-11e0-a90a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 5B3A5B3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check

#7 Post by JaRon »

Hi,
1. Quote:
Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>

Code:

Start
URLSearchHook: [S-1-5-21-3048799603-1129691480-120217510-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3048799603-1129691480-120217510-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.delta-homes.com/?type=sc&ts= ... 2438324383
S3 ALSysIO; \??\C:\Users\ToM\AppData\Local\Temp\ALSysIO.sys [X] <==== ATTENTION
U2 eamonm; no ImagePath
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
AlternateDataStreams: C:\Users\ToM:Heroes & Generals [38]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]



EmptyTemp:
Reboot:
End
•Save the created TXT file as fixlist.txt
•Move the created fixlist next to FRST

Run FRST.exe again
•Click Fix
•The fix will run and create the log Fixlog.txt

Restart the PC and post fixlog.txt here


2. uninstall STerminator
3. install MSIE11
4. clean the registry with CCleaner
5. how big is the Desktop folder?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

yriv
Visitor
Posts: 7
Joined: 20 Mar 2019 07:50

Re: Requesting a check

#8 Post by yriv »

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019
Ran by ToM (21-03-2019 09:26:17) Run:1
Running from C:\Users\ToM\Desktop
Loaded Profiles: ToM (Available Profiles: ToM)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
Start
URLSearchHook: [S-1-5-21-3048799603-1129691480-120217510-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3048799603-1129691480-120217510-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.delta-homes.com/?type=sc&ts= ... 2438324383
S3 ALSysIO; \??\C:\Users\ToM\AppData\Local\Temp\ALSysIO.sys [X] <==== ATTENTION
U2 eamonm; no ImagePath
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
AlternateDataStreams: C:\Users\ToM:Heroes & Generals [38]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\ToM\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]



EmptyTemp:
Reboot:
End
*****************

Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-3048799603-1129691480-120217510-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully.
ALSysIO => service removed successfully.
HKLM\System\CurrentControlSet\Services\eamonm => removed successfully.
eamonm => service removed successfully.
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully.
gdrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\MSICDSetup => removed successfully.
MSICDSetup => service removed successfully.
HKLM\System\CurrentControlSet\Services\sp_rsdrv2 => removed successfully.
sp_rsdrv2 => service removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully.
VGPU => service removed successfully.
HKLM\System\CurrentControlSet\Services\vmci => removed successfully.
vmci => service removed successfully.
HKLM\System\CurrentControlSet\Services\VMnetAdapter => removed successfully.
VMnetAdapter => service removed successfully.
C:\Users\ToM => ":Heroes & Generals" ADS removed successfully.
C:\Users\ToM\Desktop\1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\ToM\Desktop\1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19998024 B
Java, Flash, Steam htmlcache => 150318098 B
Windows/system/drivers => 169997718 B
Edge => 0 B
Chrome => 279330 B
Firefox => 127284914 B
Opera => 427008 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 683024 B
LocalService => 0 B
NetworkService => 51660559 B
ToM => 4060992 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 1108512 B
EmptyTemp: => 501.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:26:47 ====
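
A Fixlog like the one above has to be read line by line to confirm that each fixlist directive took effect; here one result ("Could not restore Default URLSearchHook.") did not. The Python below is an added example, not part of the thread or of FRST: the function name `triage_fixlog` and its matching rules are assumptions derived only from the wording visible in this log, and the sample text is an excerpt of the posted Fixlog.

```python
import re

# Excerpt of the Fixlog posted in this thread, embedded so the example runs offline.
FIXLOG = r'''fixlist content:
*****************
Start
URLSearchHook: [S-1-5-21-3048799603-1129691480-120217510-1000] ATTENTION => Default URLSearchHook is missing
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
End
*****************

Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\gdrv => removed successfully.
gdrv => service removed successfully.
C:\Users\ToM\Desktop\1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.

=========== EmptyTemp: ==========
Firefox => 127284914 B
'''

SUCCESS = re.compile(r"=> .*\b(?:removed|restored) successfully\.?$")
FAILURE = re.compile(r"^Could not\b")  # assumption: the only failure wording seen on this page

def triage_fixlog(text):
    """Split FRST Fixlog result lines into ok / failed / review buckets."""
    buckets = {"ok": [], "failed": [], "review": []}
    in_echo = False
    for line in (l.strip() for l in text.splitlines()):
        if line and set(line) == {"*"}:      # asterisk rows fence the echoed fixlist
            in_echo = not in_echo
            continue
        if line.startswith("=========== EmptyTemp"):
            break                            # size counters follow, not fix results
        if in_echo or not line or line.endswith(":"):
            continue
        if FAILURE.search(line):
            buckets["failed"].append(line)
        elif SUCCESS.search(line):
            buckets["ok"].append(line)
        else:
            buckets["review"].append(line)   # unknown wording: a human should read it
    return buckets

if __name__ == "__main__":
    for status, lines in triage_fixlog(FIXLOG).items():
        print(status, len(lines), *lines, sep="\n  ")
```

Anything that lands in `review` uses wording the rules do not recognise and should be read by a person rather than counted as a success.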

yriv
Visitor
Posts: 7
Joined: 20 Mar 2019 07:50

Re: Requesting a check

#9 Post by yriv »

Done. Problem solved. A moment ago Security Essentials was still being switched off over and over, but it seems to be OK now. Why did I have to uninstall Spyware Terminator? It comes in handy, doesn't it? The Desktop is over 20 GB, I really do have to move that somewhere else.

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a check

#10 Post by JaRon »

STerminator has been just for decoration for about 10 years now :)
reduce the Desktop to under 1 GB - it slows the PC down

yriv
Visitor
Posts: 7
Joined: 20 Mar 2019 07:50

Re: Requesting a check

#11 Post by yriv »

And is there a suitable replacement for it? Thanks for the help, then :) One more thing: what could be the reason that System Restore fails? It wasn't always like that.

JaRon
Moderator
Posts: 15216
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Requesting a check

#12 Post by JaRon »

I recommend an occasional scan with AdwCleaner - that is enough
+
from the command line, run sfc /scannow; it checks the system files