Kontrola logu.

[ketez67]

Dobrý den mám Windows 7 profesional a používám jako ochranu Malware bytes placenou verzi.
Dnes jsem se nemohl přihlásit do PC , ale podařilo se mi dostat do nouzového režimu z kterého píšu.
Spustil jsem Malware pro kontrolu systému sken nedokončen restart a Malware bytes zmizel
Za kontrolu a případnou pomoc předem děkuji.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Pater at 2019-09-05 17:01:13
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 130 GB (55%) free of 237 GB
Total RAM: 8053 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:01:19, on 5.9.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera_crashreporter.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe
C:\Program Files\trend micro\Pater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes IService (MBAMIService) - Malwarebytes - C:\ProgramData\MB3Install\MBAMIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6156 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
taskmgr.exe /2
ctfmon.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" -noautoupdate --ran-launcher --flag-switches-begin --disable-features=SharedArrayBuffer --flag-switches-end --enable-quic --lowered-browser -- "D:\Prace\Programy\kontrola pc\Nastaveni.html"
"C:\Program Files (x86)\Opera\63.0.3368.53\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pater\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Pater\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=63.0.3368.53 --initial-client-data=0x17c,0x180,0x184,0x178,0x188,0x720de458,0x720de468,0x720de474
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8261462924380923172 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4727962911989780047 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7862531643374959314 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9335055828539800573 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15302563848139784202 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=gpu-process --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=11519213668062991151 --mojo-platform-channel-handle=1536 --ignored=" --type=renderer " /prefetch:2
"C:\Windows\system32\NOTEPAD.EXE" D:\Prace\Návody a manuály\Nový objekt.zet
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --disable-gpu-compositing --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6142406460569335920 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --disable-gpu-compositing --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8589767592957129264 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe" --type=renderer --field-trial-handle=1264,633906729501440409,4793747107719490463,131072 --disable-features=SharedArrayBuffer --disable-gpu-compositing --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4081124456031987141 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
"D:\Download\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe /MONITOR []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe -update pepperplugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFNetworkScanUtility]
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Pater\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Pater\AppData\Roaming\Spotify\SpotifyWebHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spy Protector]
C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [2015-01-20 143696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2016-09-20 2858272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04 597552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
C:\PROGRA~2\D-Link\DWA-171\WIRELE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2010-11-20 115200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"aux3"=wdmaud.drv
"aux4"=wdmaud.drv
"aux6"=wdmaud.drv
"aux5"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\PROGRA~2\PSPADE~1\PSPad.exe "%1"

======List of files/folders created in the last 1 month======

2019-09-05 16:48:24 ----D---- C:\rsit
2019-09-05 16:42:25 ----D---- C:\Users\Pater\AppData\Roaming\Malwarebytes
2019-09-05 16:42:20 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2019-09-05 16:42:19 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2019-09-05 16:42:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2019-09-05 16:41:06 ----D---- C:\ProgramData\MB3Migration
2019-09-05 16:41:06 ----D---- C:\ProgramData\MB3CoreBackup
2019-09-05 15:51:29 ----D---- C:\ProgramData\Malwarebytes
2019-09-05 15:48:40 ----D---- C:\ProgramData\MB3Install
2019-09-05 07:36:46 ----D---- C:\Program Files\MAXON
2019-09-05 07:33:54 ----D---- C:\Users\Pater\AppData\Roaming\MAXON
2019-08-14 07:59:19 ----D---- C:\Users\Pater\AppData\Roaming\Room Arranger
2019-08-14 07:59:08 ----D---- C:\ProgramData\Room Arranger
2019-08-14 07:59:00 ----D---- C:\Program Files (x86)\Room Arranger

======List of files/folders modified in the last 1 month======

2019-09-05 17:01:13 ----D---- C:\Program Files\trend micro
2019-09-05 16:52:16 ----A---- C:\Windows\ntbtlog.txt
2019-09-05 16:51:28 ----D---- C:\Windows\system32\drivers
2019-09-05 16:42:20 ----D---- C:\Windows\SYSWOW64\drivers
2019-09-05 16:42:19 ----RD---- C:\Program Files (x86)
2019-09-05 16:41:09 ----D---- C:\Windows\temp
2019-09-05 16:41:06 ----D---- C:\ProgramData
2019-09-05 15:51:48 ----AD---- C:\Windows
2019-09-05 15:49:15 ----D---- C:\Windows\Prefetch
2019-09-05 10:13:34 ----SHD---- C:\System Volume Information
2019-09-05 10:07:28 ----D---- C:\Windows\system32\config
2019-09-05 08:56:49 ----SHD---- C:\Windows\Installer
2019-09-05 08:56:48 ----D---- C:\Config.Msi
2019-09-05 08:55:41 ----D---- C:\Windows\system32\Tasks
2019-09-05 08:40:40 ----D---- C:\Windows\Tasks
2019-09-05 08:40:36 ----D---- C:\Users\Pater\AppData\Roaming\Samsung
2019-09-05 07:40:12 ----D---- C:\Program Files (x86)\Common Files
2019-09-05 07:39:48 ----AD---- C:\Windows\System32
2019-09-05 07:39:41 ----D---- C:\ProgramData\Package Cache
2019-09-05 07:36:46 ----RD---- C:\Program Files
2019-08-28 17:39:21 ----D---- C:\Program Files (x86)\Opera
2019-08-26 12:33:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-08-26 12:33:06 ----D---- C:\Windows\inf
2019-08-24 14:13:25 ----D---- C:\Windows\SysWOW64
2019-08-24 03:38:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2019-08-24 03:38:17 ----D---- C:\Windows\system32\Macromed
2019-08-24 03:38:16 ----D---- C:\Windows\SYSWOW64\Macromed
2019-08-19 06:46:59 ----D---- C:\ProgramData\PMS
2019-08-15 05:45:41 ----D---- C:\Program Files (x86)\Ulozto File Manager

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-22 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2014-03-31 2157768]
S0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2016-10-06 235184]
S0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2016-10-06 489712]
S1 RapportCerberus_1609053;RapportCerberus_1609053; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [2016-10-12 1181672]
S1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2016-10-06 566248]
S1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2016-10-06 547888]
S3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-09-18 3752448]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 bbcap;bb_capture_driver; C:\Windows\system32\DRIVERS\bbcap.sys [2011-02-04 4608]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2012-02-20 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-20 184360]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-20 211496]
S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-08-25 89640]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-20 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-20 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
S3 cpuz137;cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [2014-02-17 26856]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-10-23 4187664]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
S3 MBAMFarflt;MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys []
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys []
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2010-12-13 36720]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver; C:\Windows\system32\DRIVERS\PcaSp60.sys [2010-05-19 38912]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2016-12-21 40240]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2012-03-02 244224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-11-13 34032]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2016-03-09 21984]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tmbulk;Thrustmaster Series Bulk Driver (tmbulk); C:\Windows\System32\Drivers\tmbulk.sys [2014-06-20 129264]
S3 tmhidusb;Thrustmaster HID USB Driver; C:\Windows\system32\DRIVERS\tmhidusb.sys [2018-12-18 340480]
S3 tmwbulk;Thrustmaster Series Bulk Driver (tmwbulk); C:\Windows\System32\Drivers\tmwbulk.sys [2018-12-18 290816]
S3 trufos;trufos; C:\Windows\system32\drivers\trufos.sys [2017-09-06 485512]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-07-24 88136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 MBAMIService;Malwarebytes IService; C:\ProgramData\MB3Install\MBAMIService.exe [2019-06-26 231120]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2010-12-13 194416]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2016-10-06 2387952]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-10-16 72704]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-08-24 335416]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-02-19 945440]
S4 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
S4 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\elevation_service.exe [2019-02-06 1271280]
S4 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2011-04-25 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-07-11 176160]
S4 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NPEService;NPEService; D:\Download\NPE.exe /service []
S4 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
S4 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PS3 Media Server;PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2012-11-27 384280]
S4 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S4 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
S4 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-24 235984]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-09-20 1466144]
S4 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2016-03-09 118424]
S4 tmInstall;Thrustmaster® Device Driver Installer; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [2018-12-18 130048]
S4 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]

-----------------EOF-----------------

[Diallix]

Dobry den.

Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.

[ketez67]

Dobrý den.
Provedl jsem spuštění AdwCleaner v nouzovém systému. Nic nenašel. Restart naběhly windows tak jsem znova spustil AdwCleaner
a zase nic nenašel. Jak jsem ho vypnul tak najel Malware bytes premium. Sken jsem provedl s jeho pomoci a nalezl viz foto níže.
Sytém sice již nabíhá do windows , ale je pořád nějak zabrzděný.

[ketez67]

Obrázek

[Diallix]

Mozte sem vlozit log?

Hodte sem este, prosim, nove logy z FRST + ADDITION.

[ketez67]

Dobré ráno
zasílám log z FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Pater (administrator) on DEMON (SAMSUNG ELECTRONICS CO., LTD. R580/R590) (06-09-2019 06:00:38)
Running from C:\Users\Pater\Desktop\byt\Nová složka
Loaded Profiles: Pater (Available Profiles: Pater)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC. -> CANON INC.)
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-02-19] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2012-02-19] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BootExecute: autocheck autochk * OODBS

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07242BB7-BB62-4D24-8F23-1C371AF12C3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {1C2DD8FA-CE12-4038-BC35-EDBB0D576DBD} - System32\Tasks\{6AFA27CD-4BCD-4770-8891-080B7E3776F3} => "c:\program files (x86)\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;userlevelpresent
Task: {232BF459-F606-409A-9DF0-4B9E6C75E71C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {24750491-2491-4651-8A3A-0A3650B8BF5B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {27A4B80C-3D8D-4865-99AD-101534954926} - System32\Tasks\{0407E803-76F7-4B6B-B1F7-A065DCF84669} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {2DFF33BC-D5D2-4345-86F8-33E23C2D8249} - System32\Tasks\{04AEA7DD-F340-4453-B73D-FF5875A57665} => C:\Windows\system32\pcalua.exe -a D:\Download\ASIO4ALL_2_14_English.exe -d C:\Windows\system32
Task: {36A3DED6-3980-41EA-A5A3-EFB2EFBE6C2F} - System32\Tasks\{63201410-00D8-4996-8B4E-677263081932} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\windows-media-player-12-cz\windows media player 12 cz\Windows.Media.Player.12.v.2.CZ..exe" -d "C:\Users\Pater\Downloads\windows-media-player-12-cz\windows media player 12 cz"
Task: {36F62CC7-68F3-4B02-B22A-C1FF67138389} - System32\Tasks\{5A9B5F7B-7D39-4F1F-8D8F-BF6C94F83F7A} => C:\PDFToExcelConverter\PDF2Excel.exe
Task: {41D30708-9314-4A31-B4D0-2F6D03766EC9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {41D30708-9314-4A31-B4D0-2F6D03766EC9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [ [ ]]
Task: {434556AE-7FA7-44A0-A119-4F73BF47F975} - System32\Tasks\{1595D3AC-A2D1-41A1-A43D-D65249D457A1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\ulead-gif-animator-5\Ulead GIF animator 5\GIFAnimator5_CZ.exe" -d "C:\Users\Pater\Downloads\ulead-gif-animator-5\Ulead GIF animator 5"
Task: {440992FD-4042-463C-9D22-8AA829CF52C3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4213455190-1121324071-2762663974-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {449BEE8F-A8EC-4566-A250-3FC851590C9A} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [90936 2011-02-12] (Glarysoft Ltd -> Glarysoft Ltd)
Task: {460806BD-0EAF-43AF-8385-463DD80D1A18} - System32\Tasks\{E86346F3-69BD-410A-B020-51DCABB6A1FF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\flash player\Flash_Player_ Pro_ 3.3_cz.exe" -d "C:\Users\Pater\Downloads\flash player"
Task: {483C7875-1930-4FAA-9998-4571DFD0210F} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {49063BA9-12BE-43E7-9004-4904860573E3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {4B670703-9E86-47A0-8D79-31097B88615D} - System32\Tasks\{D6F31515-FFFD-4240-A391-13258B8DEB92} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61\Teleport Pro 1.61 čeština.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61"
Task: {506E900C-2471-47B5-A7F3-9A1C55A12DFD} - System32\Tasks\{3C4C4EA9-CEC7-4845-BFFF-9FBA6A800F60} => C:\Windows\system32\pcalua.exe -a D:\Download\Classic-Effects-Installer.exe -d C:\Windows\system32
Task: {562B64F4-B474-4FDD-AB22-943BD633863C} - System32\Tasks\{E36F84F8-65CB-432E-A8E9-A04629EB82DE} => C:\Program Files (x86)\Opera\launcher.exe [1348632 2019-08-27] (Opera Software AS -> Opera Software)
Task: {56B088B6-7E58-4592-8022-2C5B502A3935} - System32\Tasks\{CA2C8FC7-3F70-4BEE-AD99-B16CAC8D131B} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\SETUP.EXE -d C:\Windows\system32
Task: {66667948-F5C1-4198-8432-73937FD08307} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {676B79C0-9328-4263-867E-BD76DAD1B550} - System32\Tasks\{1D429845-D07F-43B5-B191-18F711AFDBA5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {699E707F-1BDD-4F3A-9887-DA9071040214} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {6C4A1CCE-E56D-4180-9D89-2ABDF7456A28} - System32\Tasks\{CE71F676-6F2F-4677-BCD7-3CC0DBCB4CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VobSub_2.23.exe -d C:\Windows\system32
Task: {6EDBD970-76A6-4B6B-AAC1-DF7F35C08D4A} - System32\Tasks\{5A8D31DF-27C6-4EF2-9A0E-4DA73CF3F873} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VirtualDub-1.9.11\auxsetup.exe -d C:\Windows\system32
Task: {72ACDC35-4C45-4110-849F-E7CD7DEED32E} - System32\Tasks\{2CFB9D39-ACBC-4FC6-AB6E-E7DD18DEF792} => C:\Program Files (x86)\Opera\launcher.exe [1348632 2019-08-27] (Opera Software AS -> Opera Software)
Task: {7B54F402-18EB-49FB-9E96-6D9EC54DD301} - System32\Tasks\Opera scheduled Autoupdate 1425294510 => C:\Program Files (x86)\Opera\launcher.exe [1348632 2019-08-27] (Opera Software AS -> Opera Software)
Task: {7D5653F6-64FD-4994-B3D5-3FFACD8AA34B} - System32\Tasks\{0293E401-1ED0-4132-B5EB-89555CEBA68C} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\ASAPI.exe -d C:\Windows\system32
Task: {80C9FBF5-0234-458C-A899-95EF0442FDB0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {80F2BDC5-BEC5-4C39-BF28-B1D3F4EE6095} - System32\Tasks\{5B09F6AC-6097-4DC5-ACAE-50B20D6E3044} => C:\Windows\system32\pcalua.exe -a "D:\Download\4_SK_CadDecor-2.1_slovenská-instalace\4_SK_CadDecor 2.1_slovenská instalace\InstallMain.exe" -d C:\Windows\system32
Task: {841777D1-060A-4F14-B5E0-B411D478EC7F} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {885BFF30-F079-49E1-9307-71C4DFF29E96} - System32\Tasks\{92C29358-9281-4715-8A45-EDF885602A30} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\PCWizard.cpl -c PC Wizard System Analyzer
Task: {8A367E69-E754-40BA-8025-362D83A2E209} - System32\Tasks\{1C756D99-4B03-493A-B863-D8A26840E997} => C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [18373848 2016-01-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C0E1BB4-A781-42B1-8915-8041D6CD7AE9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {8F2A46E9-B8CF-4C90-8119-C92A1F51FD20} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {9C664763-8CE6-4371-9FAE-4B6C8420EA36} - System32\Tasks\{C84D69BA-F655-4425-88E5-E3AB26D94EF7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\GIGABYTE\Uninstall\unTVPanel.exe"
Task: {9C6C9D00-653D-4754-A370-A2058BC5173B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {9F9AFD17-75EF-44DC-B108-FE9290D21119} - System32\Tasks\{7ECB75AC-10E0-4655-8E35-52B7D90E26DF} => C:\Users\Pater\Downloads\wmp11-windowsxp-x64-enu.exe
Task: {A6B37785-1007-4EDF-9C51-2D9265183015} - System32\Tasks\{A709C022-EE06-43C0-821B-79E9123C13DD} => C:\Users\Pater\Downloads\unetbootin-windows-613.exe
Task: {A82F29FA-7537-452F-95EE-163DF0469823} - System32\Tasks\{70FAF583-C36B-4B8B-AB67-6E4E2B340CEA} => C:\Windows\system32\pcalua.exe -a D:\Prace\Programy\flashmx2004-en\cestina\sqpFlashMX2004v72cz.exe -d D:\Prace\Programy\flashmx2004-en\cestina
Task: {AD839522-AB24-461F-8E2F-4568EC4495FF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {B43C30D2-B774-470D-A806-A679B4F081B1} - System32\Tasks\{1A8551A1-19DC-4FAA-BD09-9F4CEAFD9CFD} => C:\Users\Pater\Downloads\booruWebCam_v1299\booruWebCam.exe
Task: {BDD2FD8F-9DE5-4AB7-9B53-EAF54BE261BF} - System32\Tasks\{57A60DD5-B19C-4C72-8435-0428E8597E17} => C:\Windows\system32\pcalua.exe -a E:\start.exe -d E:\
Task: {BE66A561-A1A3-40B1-9853-7206D29FD822} - System32\Tasks\{3FA0D145-3B67-41E4-949B-C89D13999371} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d C:\Windows\system32 -c /SetAsDefaultAppUser Mail
Task: {C4A3248A-0EE5-424B-A016-8CF63B23765A} - System32\Tasks\{F07DCF49-D024-43FE-A75D-F8CC10F40C5F} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\wmp11-windowsxp-x86-CS-CZ.exe -d C:\Users\Pater\Downloads
Task: {C548D138-F67B-4822-95B4-D9C02C0B7E10} - System32\Tasks\{AD33B034-7975-4FD5-AEE8-1BF8BB348839} => C:\Windows\system32\pcalua.exe -a D:\Download\SecurityTaskManager_Setup.exe -d D:\Download
Task: {C581EA69-A742-4225-B969-95AEB67BA727} - System32\Tasks\{7F69C643-9C9C-4E5E-AA07-D8792C10A08A} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\winsdk_web.exe -d C:\Users\Pater\Desktop
Task: {C5E4D218-B7E1-4CD9-B57E-18F9B306D109} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-24] (Adobe Inc. -> Adobe)
Task: {CAF6C37E-B779-487F-A7FF-BCF5F15D9C1D} - System32\Tasks\{1EDDE3C8-1666-4822-AE79-6DED5C1901CF} => F:\Prace\drina\Programy\Foto plochy\ScreenShots.exe
Task: {CC6C36A9-7215-42E3-9F10-7064FFCA1AD6} - System32\Tasks\{4BCFA9AC-0A69-4D52-A829-A51287636213} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\VisualSniffer20\VisualSniffer20\SETUP.EXE -d C:\Windows\system32
Task: {CEEC07EF-DBDB-4730-A9FA-AA217C6336F1} - System32\Tasks\{2C4BDA47-6C15-4682-A3C1-AD0DB3D0FD5F} => C:\Program Files (x86)\Opera\launcher.exe [1348632 2019-08-27] (Opera Software AS -> Opera Software)
Task: {D65D3917-6775-4C42-B4E0-3ADDF89FB0A4} - System32\Tasks\{1506B6FF-F34F-4EC4-9201-B74E779DB6BD} => C:\Users\Pater\Downloads\unetbootin-windows-613.exe
Task: {D9671CCC-2E61-436B-A265-EF08705DB0DB} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-4213455190-1121324071-2762663974-1000\{750FDF10-2A26-11D1-A3EA-080036587F03}\Plán synchronizace Offline soubory 1 => C:\Windows\system32\mobsync.exe [102400 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {DDE37391-1DD8-4516-9695-760BED081006} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-24] (Adobe Inc. -> Adobe)
Task: {E90A2AF6-9C09-4B50-A3F7-55C6D41C481A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4213455190-1121324071-2762663974-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F4145A1B-6D5A-4C21-B48C-9E71F0EDDD73} - System32\Tasks\{C59B1CC6-F566-4093-AA64-69A86DA22884} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\burrrn_package.exe -d C:\Windows\system32
Task: {F58F0BBD-727B-4A50-8062-49D691288363} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {F6CC9440-5205-421B-8592-49F36DEE00AB} - System32\Tasks\{2DF8FA91-5E09-4B1A-A20D-6B7A92F5B2F1} => C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [18373848 2016-01-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB1BBD44-0B07-4FD2-A442-07903C2CF0B2} - System32\Tasks\{7713AD1D-AB1C-44B4-BA53-481CB6A17EF2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61\Teleport Pro 1.61 čeština.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61"
Task: {FEEC84B1-03D5-45CF-9832-CBCCDBF0C0AE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A37091F0-A99F-4A09-BA3A-BB2F5E105983}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B47A7B3E-41CA-4ACE-B0B0-11915288CD8F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd -> Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corporation -> Microsoft Corp)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-08-11] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd -> Tracker Software Products Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corporation -> Microsoft Corp)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-08-11] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-08-11] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4213455190-1121324071-2762663974-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products Ltd -> Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-4213455190-1121324071-2762663974-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-08-11] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default [2019-09-05]
CHR Extension: (Prezentace) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-30]
CHR Extension: (Dokumenty) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-30]
CHR Extension: (Disk Google) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-30]
CHR Extension: (YouTube) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-30]
CHR Extension: (Tabulky) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-30]
CHR Extension: (Gmail) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Pater\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-10]
CHR HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-10-16] (Adobe Systems) [File not signed]
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] (Intel(R) Software Development Products -> )
S4 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2011-04-25] (Macromedia) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S4 Net Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-11-05] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-11-05] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-11-05] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-11-05] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
S4 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
S4 Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [384280 2012-11-27] (Tanuki Software Ltd. -> Tanuki Software, Ltd.)
R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM -> IBM Corp.)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] (Intel(R) Software Development Products -> )
S4 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [130048 2018-12-18] (Guillemot Recherche et Développement, Inc -> Thrustmaster®)
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] (Intel(R) Software Development Products -> )
R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 NPEService; "D:\Download\NPE.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3752448 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-25] (Broadcom Corporation -> Broadcom Corporation.)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (CPUID -> Windows (R) Win 7 DDK provider)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID -> CPUID)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-05-19] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-10-12] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM -> IBM Corp.)
S3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-11-13] (Sony Ericsson Mobile Communications AB -> Sony Ericsson Mobile Communications) [File not signed]
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] (Intel(R) Code Signing External -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-22] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [129264 2014-06-20] (Guillemot Corporation -> © Guillemot R&D, 2014. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [340480 2018-12-18] (Guillemot Recherche et Développement, Inc -> Thrustmaster)
S3 tmwbulk; C:\Windows\System32\Drivers\tmwbulk.sys [290816 2018-12-18] (Guillemot Recherche et Développement, Inc -> © Guillemot R&D, 2018. All rights reserved.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [485512 2017-09-06] (Bitdefender SRL -> BitDefender S.R.L.)
R3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2157768 2014-03-31] (TamoSoft Ltd -> TamoSoft)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [402720 2010-04-28] (Marvell Semiconductor -> Marvell)
U3 afr1xu8h; no ImagePath
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-06 06:00 - 2019-09-06 06:00 - 000000000 ____D C:\FRST
2019-09-05 19:19 - 2019-09-05 19:19 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-09-05 19:19 - 2019-09-05 19:19 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-09-05 19:19 - 2019-09-05 19:19 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-09-05 18:30 - 2019-09-05 18:30 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-09-05 18:29 - 2019-09-05 18:29 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-05 18:27 - 2019-09-05 18:27 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-05 18:27 - 2019-09-05 18:27 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-09-05 18:27 - 2019-09-05 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-05 18:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-05 18:20 - 2019-09-05 18:21 - 007622344 _____ (Malwarebytes) C:\Users\Pater\Desktop\adwcleaner_7.4.1.exe
2019-09-05 16:52 - 2019-09-05 16:52 - 000000000 ____D C:\Users\Pater\DoctorWeb
2019-09-05 16:48 - 2019-09-05 16:48 - 000000000 ____D C:\rsit
2019-09-05 15:51 - 2019-09-05 18:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-05 15:48 - 2019-09-05 15:48 - 000000000 ____D C:\ProgramData\MB3Install
2019-09-05 07:41 - 2019-09-05 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2019-09-05 07:36 - 2019-09-05 07:54 - 000000000 ____D C:\Program Files\MAXON
2019-09-05 07:33 - 2019-09-05 08:17 - 000000000 ____D C:\Users\Pater\AppData\Roaming\MAXON
2019-09-04 17:05 - 2019-09-06 05:59 - 000000000 ____D C:\Users\Pater\Desktop\byt
2019-08-26 20:05 - 2019-09-05 19:38 - 000000000 ____D C:\Users\Pater\Desktop\Byt Kuchyň
2019-08-26 12:34 - 2019-08-26 12:34 - 001164623 _____ C:\Users\Pater\Desktop\Generální plná moc – kopie – kopie Copy.pdf
2019-08-23 08:18 - 2019-08-23 08:18 - 000000000 ____D C:\Users\Pater\Desktop\Vlastík-Garáž
2019-08-23 08:17 - 2019-08-23 08:17 - 004727392 _____ C:\Users\Pater\Desktop\Vlastík-Garáž.rar
2019-08-20 09:05 - 2019-08-20 09:05 - 000054518 _____ C:\Users\Pater\Desktop\Detail_platby_28112018.pdf
2019-08-17 22:22 - 2019-08-17 22:22 - 000007605 _____ C:\Users\Pater\AppData\Local\Resmon.ResmonCfg
2019-08-14 07:59 - 2019-09-06 06:00 - 000000000 ____D C:\Users\Pater\AppData\Local\Room Arranger
2019-08-14 07:59 - 2019-09-04 17:55 - 000000000 ____D C:\Users\Pater\Documents\Room Arranger
2019-08-14 07:59 - 2019-08-15 04:45 - 000000000 ____D C:\Program Files (x86)\Room Arranger
2019-08-14 07:59 - 2019-08-15 04:36 - 000000000 ____D C:\Users\Pater\AppData\Roaming\Room Arranger
2019-08-14 07:59 - 2019-08-14 07:59 - 000001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room Arranger.lnk
2019-08-14 07:59 - 2019-08-14 07:59 - 000001034 _____ C:\Users\Public\Desktop\Room Arranger.lnk
2019-08-14 07:59 - 2019-08-14 07:59 - 000001034 _____ C:\ProgramData\Desktop\Room Arranger.lnk
2019-08-14 07:59 - 2019-08-14 07:59 - 000000000 ____D C:\ProgramData\Room Arranger
2019-08-10 07:20 - 2019-08-14 07:35 - 000016691 _____ C:\Users\Pater\Documents\dOMEK.xlsx
2019-08-10 07:20 - 2019-08-10 07:20 - 000000165 ____H C:\Users\Pater\Documents\~$dOMEK.xlsx
2019-08-07 08:50 - 2019-08-07 08:54 - 000000000 ____D C:\Users\Pater\Desktop\Pojištění

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-06 05:48 - 2019-02-09 06:57 - 002237046 _____ C:\Windows\ntbtlog.txt
2019-09-05 19:25 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-05 19:25 - 2009-07-14 06:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-05 19:17 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-05 19:16 - 2011-02-05 08:16 - 000000031 _____ C:\Windows\system32\bbcap.err
2019-09-05 17:01 - 2011-01-14 02:28 - 000000000 ____D C:\Program Files\trend micro
2019-09-05 16:52 - 2010-11-12 21:01 - 000000000 ____D C:\Users\Pater
2019-09-05 08:40 - 2017-12-27 07:35 - 000000000 ____D C:\Users\Pater\AppData\Roaming\Samsung
2019-09-05 07:39 - 2016-01-13 04:06 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-28 17:39 - 2015-08-17 05:35 - 000003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1425294510
2019-08-28 17:39 - 2011-03-01 16:18 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-26 12:33 - 2009-07-14 17:18 - 000728524 _____ C:\Windows\system32\perfh005.dat
2019-08-26 12:33 - 2009-07-14 17:18 - 000172186 _____ C:\Windows\system32\perfc005.dat
2019-08-26 12:33 - 2009-07-14 07:13 - 001759272 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-26 12:33 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2019-08-24 14:13 - 2017-02-23 18:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-24 03:38 - 2017-08-24 12:56 - 000000000 ____D C:\Users\Pater\AppData\Local\Adobe
2019-08-24 03:38 - 2016-04-09 16:55 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-08-24 03:38 - 2015-09-10 15:46 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-08-24 03:38 - 2015-09-10 15:46 - 000004510 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-24 03:38 - 2011-11-15 03:57 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-24 03:38 - 2011-05-15 16:59 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-24 03:38 - 2010-11-13 00:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-08-24 03:37 - 2017-11-12 10:40 - 000000000 ____D C:\Users\Pater\AppData\Local\CrashDumps
2019-08-24 03:30 - 2009-07-14 07:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-08-19 06:46 - 2013-08-12 20:37 - 000000000 ____D C:\ProgramData\PMS
2019-08-15 05:45 - 2019-07-25 18:07 - 000001057 _____ C:\Users\Public\Desktop\Ulož.to FileManager.lnk
2019-08-15 05:45 - 2019-07-25 18:07 - 000001057 _____ C:\ProgramData\Desktop\Ulož.to FileManager.lnk
2019-08-15 05:45 - 2016-07-27 08:08 - 000001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2019-08-15 05:45 - 2016-07-27 08:08 - 000000000 ____D C:\Program Files (x86)\Ulozto File Manager
2019-08-14 10:04 - 2016-10-20 04:44 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories ================

2018-05-09 09:53 - 2018-05-09 09:53 - 000000036 _____ () C:\Users\Pater\AppData\Local\housecall.guid.cache
2018-10-18 08:17 - 2018-10-18 08:17 - 000004096 ____H () C:\Users\Pater\AppData\Local\keyfile3.drm
2019-08-17 22:22 - 2019-08-17 22:22 - 000007605 _____ () C:\Users\Pater\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 00:41
==================== End of FRST.txt ============================

[ketez67]

A log z Addition je zde:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Pater (06-09-2019 06:02:48)
Running from C:\Users\Pater\Desktop\byt\Nová složka
Windows 7 Professional Service Pack 1 (X64) (2010-11-12 19:01:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4213455190-1121324071-2762663974-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4213455190-1121324071-2762663974-1002 - Limited - Enabled)
Guest (S-1-5-21-4213455190-1121324071-2762663974-501 - Limited - Disabled)
Pater (S-1-5-21-4213455190-1121324071-2762663974-1000 - Administrator - Enabled) => C:\Users\Pater
UpdatusUser (S-1-5-21-4213455190-1121324071-2762663974-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
AIDA64 Engineer v5.70 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 5.70 - FinalWire Ltd.)
Aktualizace NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.3 - Extensoft)
ASAPI Update (HKLM-x32\...\ASAPI Update) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
ASUS RT-N16 Wireless Router Utilities (HKLM-x32\...\{2BF4582C-9BBF-4B55-AB3A-C2375278B13E}) (Version: 4.1.1.6 - ASUS)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
B110 (HKLM-x32\...\{05D08C4D-58A2-438B-A419-EE994E64E15D}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
BB FlashBack Pro (HKLM-x32\...\{652CD1F7-23C6-462D-963C-60F92C3BF332}) (Version: 2.7.2.1508 - Blueberry Software Ltd.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
BwgBurn Version 0.7.0 (HKLM-x32\...\{52512614-1026-4E91-8208-FA9B80B62C1A}) (Version: 0.7.0 - BwgSoftware)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Centrum zařízení Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Cinema 4D 20.059 (HKLM\...\MAXONE3565005) (Version: 20.059 - MAXON Computer GmbH)
Combined Community Codec Pack 2011-11-11 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.11.11.0 - CCCP Project)
CoreAVC Professional Edition (remove only) (HKLM-x32\...\CoreAVC Professional Edition) (Version: - )
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.1 - Corel Corporation)
CZ (HKLM-x32\...\{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}) (Version: 13.0 - Corel Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Daum PotPlayer 1.6.49952 x64 Edition (HKLM\...\PotPlayer64) (Version: - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Doc Scrubber v1.2 (HKLM-x32\...\Doc Scrubber_is1) (Version: 1.2 - BrightFort LLC)
E-Ceník (HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\7db2515fea5838c7) (Version: 1.4.2011.1208 - Datamix Solutions s.r.o.)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Exact Audio Copy 1.0beta1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 1.TTRS.2019 - Thrustmaster)
FontNav (HKLM-x32\...\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}) (Version: 5.0 - Corel Corporation) Hidden
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
FormatFactory 2.60 (HKLM-x32\...\FormatFactory) (Version: 2.60 - Free Time)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
gDoc PDF Server Excel AddIn (HKLM-x32\...\{F8FC9F92-6E7F-4C7C-B762-FA820700A2EB}) (Version: 2.5.1 - Global Graphics)
gDoc PDF Server PowerPoint AddIn (HKLM-x32\...\{006981CD-A544-4C43-B0AA-26C0F30A18B5}) (Version: 2.5.1 - Global Graphics)
gDoc PDF Server Word AddIn (HKLM-x32\...\{7A5DBBA5-98E0-4956-AA8C-D55780E58B91}) (Version: 2.5.1 - Global Graphics)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Glary Utilities 2.32.0.1126 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.32.0.1126 - Glarysoft Ltd)
GoldWave v5.58 (HKLM-x32\...\GoldWave v5.58) (Version: - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HTML kódy (HKLM-x32\...\{3AFA2047-E2B6-44B5-B030-AB42C226646A}) (Version: 2.1 - MF Software)
IcoFX 1.6.2 (HKLM-x32\...\IcoFX_is1) (Version: - )
inSSIDer (HKLM-x32\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Driver Update Utility 2.4 (HKLM-x32\...\{B731F5C4-E304-4DFA-9C84-F67FF849B408}) (Version: 2.4.0.15 - Intel) Hidden
Intel(R) Product Improvement Program (HKLM-x32\...\{E954D7C1-36FA-4FE8-8927-97DBDEB5A15F}) (Version: 2.1.27.3 - Intel) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{1b09c4de-9cae-4122-b17c-65d395062b50}) (Version: 2.4.0.15 - Intel)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kubik SMS DreamCom 5.96 (HKLM-x32\...\Kubik SMS DreamCom_is1) (Version: - )
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LAV Filters 0.45 (HKLM-x32\...\lavfilters_is1) (Version: 0.45 - )
Leawo PowerPoint to Video Pro version 2.2.0.55 (HKLM-x32\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: - Leawo Software)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Macromedia Flash MX 2004 (HKLM-x32\...\{2F353D44-73BB-4971-B31D-F7642E9E9531}) (Version: 7.2 - Macromedia)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.25.4.3 - Marvell)
MAY-CAD (HKLM-x32\...\{92B4EFEA-0BA8-45E6-8774-741626F6F30F}) (Version: 7.000.6 - MayTec)
MediaInfo 0.7.52 (HKLM\...\MediaInfo) (Version: 0.7.52 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Run Time Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
MKVToolNix 7.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version: - )
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.8.0.7123 - Mozilla)
Mozilla Thunderbird 60.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 cs)) (Version: 60.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyShowroom Studio 1.7 (HKLM-x32\...\MyShowroom Studio) (Version: 1.7 - Sky Interactive LLC)
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.26 - NCH Software)
n-Track Studio 7 x64 (HKLM\...\n-Track Studio 7) (Version: - n-Track)
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
Opera 11.01 (HKLM-x32\...\Opera 11.01.1190) (Version: 11.01.1190 - Opera Software ASA)
Opera Stable 63.0.3368.53 (HKLM-x32\...\Opera 63.0.3368.53) (Version: 63.0.3368.53 - Opera Software)
Ovládací panel NVIDIA 327.02 (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 327.02 - NVIDIA Corporation) Hidden
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Pazera Jacek)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PC Wizard 2010.1.96 (HKLM-x32\...\PC Wizard 2010_is1) (Version: - CPUID)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.191.0 - Tracker Software Products Ltd)
PDF-XChange PRO V6 (HKLM\...\{E9A303EA-87D9-4F28-83DA-73D79D05687B}) (Version: 6.0.322.7 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange PRO V6 (HKLM-x32\...\{19930704-143e-4dd8-99b0-98196c7006c7}) (Version: 6.0.322.7 - Tracker Software Products (Canada) Ltd.)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
Privacy Mantra 3.00 (HKLM-x32\...\Privacy Mantra 3.00) (Version: - )
PROFIT 2011.02 (HKLM-x32\...\{670A9A20-E29D-40C3-9937-2AFF89C3AC82}_is1) (Version: - LPsoft)
PS_AIO_07_B110_SW_Min (HKLM-x32\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 3.4.3 (64-bit) (HKLM\...\{9529565F-E693-3F11-B3BF-8CD545F5F9A0}) (Version: 3.4.3150 - Python Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1609.107 - Trusteer) Hidden
RAR Repair Tool v.4.0 (HKLM-x32\...\RAR Repair Tool_is1) (Version: - ZRT Labs)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6761 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30133 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Restorator 2018 Trial (HKLM-x32\...\Restorator2018_is1) (Version: - Bome Software)
Revo Uninstaller Pro 4.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.5 - VS Revo Group, Ltd.)
Room Arranger (32-bit) (HKLM-x32\...\Room Arranger) (Version: 9.5.5 - Jan Adamec)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Screenshot Captor 3.04.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Security Task Manager 2.1i (HKLM-x32\...\Security Task Manager) (Version: 2.1i - Neuber Software)
SequoiaView (HKLM-x32\...\SequoiaView) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
SolutionCenter (HKLM-x32\...\{8E4B1BE8-DCF3-4B90-A726-B28107442623}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Sophos Clean (HKLM\...\SophosClean) (Version: 3.7.13.262 - Sophos Limited)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 4.5 - SourceTec Software Co., LTD)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Studio 11 (HKLM-x32\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (HKLM-x32\...\{2F952048-3220-4AC7-A206-D01EFC774BB2}) (Version: 11.0.0.0 - Pinnacle Systems) Hidden
Team Render Client 20.026 (HKLM\...\MAXON31E88FDD) (Version: 20.026 - MAXON Computer GmbH)
TIDAL (HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\TIDAL) (Version: 2.4.0 - TIDAL Music AS)
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
TT-Dynamic-Range 1.1 (HKLM-x32\...\TT-Dynamic-Range 1.1) (Version: - )
TT-Dynamic-Range 1.4 (HKLM-x32\...\TT-Dynamic-Range 1.4) (Version: - )
Ulead GIF Animator 5 ESD (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - )
Ulož.to FileManager verze 2.76 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.76 - Uloz.to cloud a.s.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (HKLM-x32\...\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}) (Version: 4.60 - Corel Corporation) Hidden
VBA (HKLM-x32\...\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}) (Version: 6.2 - Corel Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vit Registry Fix 12.5 (remove only) (HKLM\...\Vit Registry Fix) (Version: - VITSOFT)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2350 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.44-4 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.44.4 - HTTrack)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinX Free VOB to AVI Converter 2.0.3 (HKLM-x32\...\WinX Free VOB to AVI Converter_is1) (Version: - Digiarty Software,Inc.)
Wise PC Engineer 6.3.8 (HKLM-x32\...\Wise PC Engineer_is1) (Version: - ZhiQing Soft, Inc.)
XBMC (HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\XBMC) (Version: - Team XBMC)
XNResourceEditor 3.0.0.1 (HKLM-x32\...\XN Resource Editor_is1) (Version: - Colin Wilson)
Yahoo! Desktop Login (HKLM-x32\...\{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}) (Version: 1.00.0001 - Pinnacle Systems) Hidden
Zoner Photo Studio 10 (HKLM-x32\...\ZonerPhotoStudio10_CZ_is1) (Version: - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> C:\Windows\system32\devenum.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:/Users/Pater/AppData/Local/Microsoft/Windows Sidebar/Gadgets/All_CPU_Meter_V4.7.3.gadget/CoreTempReader.dll (AddGadgets IT -> )
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{14074E0B-7216-4862-96E6-53CADA442A56}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1A8766A0-62CE-11CF-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32 -> C:\Windows\system32\quartz.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> C:\Windows\system32\devenum.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> C:\Windows\system32\wpdshext.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{3D154A2D-D911-437E-A30C-5F56A9B7081D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} -> [] => 0
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{4315D437-5B8C-11D0-BD3B-00A0C911CE86}\InprocServer32 -> C:\Windows\system32\devenum.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{48C6BE7C-3871-43CC-B46F-1449A1BB2FF3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> C:\Windows\system32\thumbcache.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9DBD2C50-62AD-11D0-B806-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL (ZONER software) [File not signed]
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{BF87B6E1-8C27-11D0-B3F0-00AA003761C5}\InprocServer32 -> C:\Windows\system32\qcap.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CC58E280-8AA1-11D1-B3F1-00AA003761C5}\InprocServer32 -> C:\Windows\system32\qcap.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> C:\Windows\system32\quartz.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> C:\Windows\system32\qcap.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> C:\Windows\system32\quartz.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EFB23A09-A867-4BE8-83A6-86969A7D0856}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> C:\Windows\system32\propsys.dll (Microsoft Windows -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1-x32: [Glary Utilities] -> {72923739-5A47-40A3-9895-25AF0DFBB9E4} => C:\Program Files (x86)\Glary Utilities\ContextHandler.dll [2010-12-24] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-08-11] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [Glary Utilities] -> {72923739-5A47-40A3-9895-25AF0DFBB9E4} => C:\Program Files (x86)\Glary Utilities\ContextHandler.dll [2010-12-24] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-08-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [Glary Utilities] -> {72923739-5A47-40A3-9895-25AF0DFBB9E4} => C:\Program Files (x86)\Glary Utilities\ContextHandler.dll [2010-12-24] (Glarysoft Ltd -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-4213455190-1121324071-2762663974-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL [2007-11-30] (ZONER software) [File not signed]
ContextMenuHandlers2_S-1-5-21-4213455190-1121324071-2762663974-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL [2007-11-30] (ZONER software) [File not signed]
ContextMenuHandlers4_S-1-5-21-4213455190-1121324071-2762663974-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL [2007-11-30] (ZONER software) [File not signed]
ContextMenuHandlers6_S-1-5-21-4213455190-1121324071-2762663974-1000: [ZONERMenu] -> {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} => C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL [2007-11-30] (ZONER software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-03-13 22:36 - 2012-09-26 14:02 - 000004608 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUR6.DLL
2014-03-13 22:19 - 2012-08-09 13:59 - 001006080 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNAS0MOK.DLL
2014-03-13 22:18 - 2012-09-26 15:02 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2014-03-13 22:22 - 2013-02-26 01:00 - 001420800 _____ (CANON INC.) [File not signed] C:\Windows\System32\cnnx0_flm.dll
2010-11-13 05:10 - 2007-11-30 16:09 - 000031232 _____ (ZONER software) [File not signed] C:\Program Files (x86)\Zoner\Photo Studio 10\Program\SHELLEXT64.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [133]
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5 [126]
AlternateDataStreams: C:\ProgramData\TEMP:A4F602C6 [148]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => Applications\PSPad.exe
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\comfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.com: ComFile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.scr: => <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7915 more sites.

IE trusted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\mojebanka.cz -> hxxps://www.mojebanka.cz
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\...\123simsen.com -> www.123simsen.com

There are 7915 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2018-08-26 07:18 - 000452561 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15561 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;D:;D:\Scripts;C:\ProgramData\Oracle\Java\javapath;C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\PHYSX\COMMON;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\android-sdk-windows\platform-tools;C:\android-sdk-windows\tools;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CISVC => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Macromedia Licensing Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NPEService => 2
MSCONFIG\Services: PCLEPCI => 3
MSCONFIG\Services: PS3 Media Server => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE => 2
MSCONFIG\Services: tmInstall => 2
MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
MSCONFIG\Services: WsAppService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk => C:\Windows\pss\Skype.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox =>
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe -update pepperplugin
MSCONFIG\startupreg: MFNetworkScanUtility => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify => "C:\Users\Pater\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Pater\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spy Protector => C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D0A61789-E49C-4E89-A1A2-E688B8C1E721}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{6961C98F-DA7A-4CBF-A1C6-5734CBC9BE3F}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{26944890-D278-4557-88A1-A354E139F5C2}] => (Allow) C:\Program Files (x86)\Opera\63.0.3368.53\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{E90EBE97-1459-4E54-90BF-7AF44F1022F2}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{FD256961-0FBC-42E5-BFFA-92F053C980C4}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Block) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-06-2019 00:00:00 Naplánovaný kontrolní bod
01-07-2019 00:00:00 Naplánovaný kontrolní bod
08-07-2019 00:00:00 Naplánovaný kontrolní bod
15-07-2019 00:00:02 Naplánovaný kontrolní bod
15-07-2019 06:52:10 Installed Rapport
21-07-2019 17:16:14 Installed Rapport
07-08-2019 08:33:57 Installed Rapport
15-08-2019 00:00:00 Naplánovaný kontrolní bod
18-08-2019 20:29:11 Installed Rapport
19-08-2019 06:48:01 Installed Rapport
19-08-2019 09:21:58 Installed Rapport
19-08-2019 09:26:49 Installed Rapport
19-08-2019 09:29:38 Installed Rapport
24-08-2019 03:31:36 Installed Rapport
02-09-2019 09:55:21 Installed Rapport
05-09-2019 07:38:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-09-2019 07:38:51 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-09-2019 07:39:50 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
05-09-2019 07:55:45 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-09-2019 07:55:57 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-09-2019 07:56:11 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
05-09-2019 08:40:29 AdwCleaner_BeforeCleaning_05/09/2019_08:40:29
05-09-2019 08:45:40 Installed Rapport
05-09-2019 08:55:54 Installed Rapport
05-09-2019 18:27:46 Installed Rapport
05-09-2019 19:18:13 Installed Rapport

==================== Faulty Device Manager Devices =============

Name: A48G0SVU IDE Controller
Description: A48G0SVU IDE Controller
Class Guid:
Manufacturer:
Service: afr1xu8h
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2019 09:25:01 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 09:21:01 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 09:19:02 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 09:19:01 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 09:17:00 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 09:16:55 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 07:34:48 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/05/2019 07:30:48 PM) (Source: PerfOS) (EventID: 2011) (User: )
Description: Nelze získat informace o výkonu stránkovacího souboru systému. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (09/05/2019 07:20:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/05/2019 07:16:14 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (09/05/2019 06:29:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (09/05/2019 06:25:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (09/05/2019 04:41:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (09/05/2019 04:41:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1068 = Nepodařilo se zahájit závislou službu nebo skupinu. při pokusu o spuštění služby fdPHost s argumenty za účelem spuštění serveru:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/05/2019 04:40:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Rozpoznávací modul sběrnice PnP-X IP závisí na službě Hostitel poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (09/05/2019 04:39:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Zprostředkovatel domácích skupin závisí na službě Hostitel poskytovatele rozpoznávání funkce, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


Windows Defender:
===================================
Date: 2011-05-06 16:54:14.596
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{FF08F5B2-FF5F-4847-AEEF-D666B07C9DB9}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2011-03-02 06:47:26.811
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=121389
Název:Tool:Win32/Cain!2_9
ID:121389
Závažnost:Střední
Kategorie:Nástroj
Nalezeno v cestě:containerfile:C:\PROGRAM FILES (X86)\CAIN\CAIN.EXE;file:C:\PROGRAM FILES (X86)\CAIN\CAIN.EXE->(UPX);process:pid:208
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2011-02-25 05:30:39.155
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633
Název:Adware:Win32/OpenCandy
ID:159633
Závažnost:Nízké
Kategorie:Software placený zobrazováním reklamy
Nalezeno v cestě:file:C:\Users\Pater\Downloads\aTube_Catcher.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\SYSTEM
Název procesu:

Date: 2011-02-24 18:42:11.690
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633
Název:Adware:Win32/OpenCandy
ID:159633
Závažnost:Nízké
Kategorie:Software placený zobrazováním reklamy
Nalezeno v cestě:file:C:\Users\Pater\Downloads\aTube_Catcher.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\SYSTEM
Název procesu:

Date: 2011-02-24 16:38:25.803
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=159633
Název:Adware:Win32/OpenCandy
ID:159633
Závažnost:Nízké
Kategorie:Software placený zobrazováním reklamy
Nalezeno v cestě:file:C:\Users\Pater\Downloads\aTube_Catcher.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2012-02-26 07:51:51.904
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2011-11-10 19:26:14.124
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2011-11-09 08:53:38.792
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070003
Popis chyby:Systém nemůže nalézt uvedenou cestu.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2011-11-09 08:36:11.544
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070003
Popis chyby:Systém nemůže nalézt uvedenou cestu.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2011-11-09 08:28:16.981
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070003
Popis chyby:Systém nemůže nalézt uvedenou cestu.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2018-05-21 06:26:44.826
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-21 06:26:44.795
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-21 06:26:44.748
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-21 06:26:44.717
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-09 09:25:44.410
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-09 09:25:44.379
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-20 08:47:24.695
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-20 08:47:24.648
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Phoenix Technologies Ltd. 11JB.M044.20100622.hkk 06/22/2010
Motherboard: SAMSUNG ELECTRONICS CO., LTD. R580/R590
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 52%
Total physical RAM: 8052.55 MB
Available physical RAM: 3854.2 MB
Total Virtual: 8050.76 MB
Available Virtual: 3961.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.29 GB) (Free:126.42 GB) NTFS
Drive d: () (Fixed) (Total:234.37 GB) (Free:132.8 GB) NTFS

\\?\Volume{43b8cfe9-ee8e-11df-8afd-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 102B30C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=234.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Diallix]

Aj Vam dobre.

EEste poprosim ADDIION log.

[ketez67]

Nečekal jsem tak rychlou odpověď a prosím kdy se vyspíte když poslední odpověď jsem dostal 9 minut po půlnoci.

[ketez67]

Dobrý den
Může prosím zkontrolovat někdo zde vložené logy?
Děkuji.

[Diallix]

ospravedlnujem sa za prodlevu, ale boli sme s tymom na srazu. Idem hned na to.

[Diallix]

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Windows\system32\GWX\GWXUXWorker.exe
VirusTotal: C:\Windows\ehome\ehrec.exe
VirusTotal: C:\Windows\System32\DRIVERS\yk62x64.sys

Task: {27A4B80C-3D8D-4865-99AD-101534954926} - System32\Tasks\{0407E803-76F7-4B6B-B1F7-A065DCF84669} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {2DFF33BC-D5D2-4345-86F8-33E23C2D8249} - System32\Tasks\{04AEA7DD-F340-4453-B73D-FF5875A57665} => C:\Windows\system32\pcalua.exe -a D:\Download\ASIO4ALL_2_14_English.exe -d C:\Windows\system32
Task: {36A3DED6-3980-41EA-A5A3-EFB2EFBE6C2F} - System32\Tasks\{63201410-00D8-4996-8B4E-677263081932} => C:\Windows\system32\pcalua.exe -a
Task: {460806BD-0EAF-43AF-8385-463DD80D1A18} - System32\Tasks\{E86346F3-69BD-410A-B020-51DCABB6A1FF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\flash player\Flash_Player_ Pro_ 3.3_cz.exe" -d "C:\Users\Pater\Downloads\flash player"
Task: {4B670703-9E86-47A0-8D79-31097B88615D} - System32\Tasks\{D6F31515-FFFD-4240-A391-13258B8DEB92} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61\Teleport Pro 1.61 čeština.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61"
ask: {56B088B6-7E58-4592-8022-2C5B502A3935} - System32\Tasks\{CA2C8FC7-3F70-4BEE-AD99-B16CAC8D131B} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\SETUP.EXE -d C:\Windows\system32
Task: {6C4A1CCE-E56D-4180-9D89-2ABDF7456A28} - System32\Tasks\{CE71F676-6F2F-4677-BCD7-3CC0DBCB4CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VobSub_2.23.exe -d C:\Windows\system32
Task: {6EDBD970-76A6-4B6B-AAC1-DF7F35C08D4A} - System32\Tasks\{5A8D31DF-27C6-4EF2-9A0E-4DA73CF3F873} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VirtualDub-1.9.11\auxsetup.exe -d C:\Windows\system32
Task: {7D5653F6-64FD-4994-B3D5-3FFACD8AA34B} - System32\Tasks\{0293E401-1ED0-4132-B5EB-89555CEBA68C} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\ASAPI.exe -d C:\Windows\system32
Task: {80F2BDC5-BEC5-4C39-BF28-B1D3F4EE6095} - System32\Tasks\{5B09F6AC-6097-4DC5-ACAE-50B20D6E3044} => C:\Windows\system32\pcalua.exe -a "D:\Download\4_SK_CadDecor-2.1_slovenská-instalace\4_SK_CadDecor 2.1_slovenská instalace\InstallMain.exe" -d C:\Windows\system32
Task: {885BFF30-F079-49E1-9307-71C4DFF29E96} - System32\Tasks\{92C29358-9281-4715-8A45-EDF885602A30} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\PCWizard.cpl -c PC Wizard System Analyzer
Task: {A82F29FA-7537-452F-95EE-163DF0469823} - System32\Tasks\{70FAF583-C36B-4B8B-AB67-6E4E2B340CEA} => C:\Windows\system32\pcalua.exe -a D:\Prace\Programy\flashmx2004-en\cestina\sqpFlashMX2004v72cz.exe -d D:\Prace\Programy\flashmx2004-en\cestina
Task: {BDD2FD8F-9DE5-4AB7-9B53-EAF54BE261BF} - System32\Tasks\{57A60DD5-B19C-4C72-8435-0428E8597E17} => C:\Windows\system32\pcalua.exe -a E:\start.exe -d E:\
Task: {BE66A561-A1A3-40B1-9853-7206D29FD822} - System32\Tasks\{3FA0D145-3B67-41E4-949B-C89D13999371} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d C:\Windows\system32 -c /SetAsDefaultAppUser Mail
Task: {C4A3248A-0EE5-424B-A016-8CF63B23765A} - System32\Tasks\{F07DCF49-D024-43FE-A75D-F8CC10F40C5F} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\wmp11-windowsxp-x86-CS-CZ.exe -d C:\Users\Pater\Downloads
Task: {C548D138-F67B-4822-95B4-D9C02C0B7E10} - System32\Tasks\{AD33B034-7975-4FD5-AEE8-1BF8BB348839} => C:\Windows\system32\pcalua.exe -a D:\Download\SecurityTaskManager_Setup.exe -d D:\Download
Task: {C581EA69-A742-4225-B969-95AEB67BA727} - System32\Tasks\{7F69C643-9C9C-4E5E-AA07-D8792C10A08A} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\winsdk_web.exe -d C:\Users\Pater\Desktop
Task: {CC6C36A9-7215-42E3-9F10-7064FFCA1AD6} - System32\Tasks\{4BCFA9AC-0A69-4D52-A829-A51287636213} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\VisualSniffer20\VisualSniffer20\SETUP.EXE -d C:\Windows\system32
Task: {F4145A1B-6D5A-4C21-B48C-9E71F0EDDD73} - System32\Tasks\{C59B1CC6-F566-4093-AA64-69A86DA22884} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\burrrn_package.exe -d C:\Windows\system32
Task: {FB1BBD44-0B07-4FD2-A442-07903C2CF0B2} - System32\Tasks\{7713AD1D-AB1C-44B4-BA53-481CB6A17EF2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61\Teleport Pro 1.61 čeština.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+ÄŤeština\Teleport Pro 1.61"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 NPEService; "D:\Download\NPE.exe" /service [X]
U3 afr1xu8h; no ImagePath
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{14074E0B-7216-4862-96E6-53CADA442A56}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1A8766A0-62CE-11CF-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{3D154A2D-D911-437E-A30C-5F56A9B7081D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} -> [] => 0
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{48C6BE7C-3871-43CC-B46F-1449A1BB2FF3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9DBD2C50-62AD-11D0-B806-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EFB23A09-A867-4BE8-83A6-86969A7D0856}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [133]
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5 [126]
AlternateDataStreams: C:\ProgramData\TEMP:A4F602C6 [148]
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\comfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.com: ComFile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.scr: => <==== ATTENTION
Task: {66667948-F5C1-4198-8432-73937FD08307} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)

EmptyTemp:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.

[ketez67]

Dobrý den
Textový soubor jsem uložil do složky kde je uložený rsit který jsem následně spustil. Žádné oznámení o vložení souboru fixlist.txt neproběhlo a ani nedošlo k restartu pc. Otevřel se soubor txt. Protože nedošlo k restartu a ni jsem žádný fix nezadal zkusil jsem to ještě jednou a zase se objevil jen txt soubor který tady přikládám, ale nevím jestli je to ten co jste očekával.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Pater at 2019-09-09 06:00:06
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 130 GB (55%) free of 237 GB
Total RAM: 8053 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:00:19, on 9.9.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera_crashreporter.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe
C:\Program Files\trend micro\Pater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files (x86)\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files (x86)\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownloadAll.htm
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N16 Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6150 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Microsoft LifeCam\MSCamS64.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {45577D21-B59C-4DFD-B455-D1A3B2627160}
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
"C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe" "--AUTO_START" "--start" "--address" "127.0.0.1" "--port" "49330" "--depend_on_key" "SYSTEM\CurrentControlSet\Services\ESRV_SVC_WILLAMETTE" "--depend_on_value" "run" "--time_in_ms" "--pause" "5000" "--library" "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll" "--no_pl" "--watchdog" "10" "--watchdog_cpu_usage_limit" "50" "--end_on_error" "--kernel_priority_boost" "--shutdown_priority_boost" "--device_options" " time=no output=w output_folder='C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData' limit_output_by=time output_limit=3600000 output_buffer=1024 il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll','process_input_options.txt' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll','service=yes' il='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll','pause=60000 working_dir=C:\ProgramData\Intel\SUR\WILLAMETTE\IntelData override_existing_tracing=no limit_output_by_filesize_mb=10' os='C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\os_counters.txt' "
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\PSPad editor\PSPad.exe" "C:\rsit\log.txt"
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --ran-launcher --started-from-shortcut
"C:\Program Files (x86)\Opera\63.0.3368.71\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Pater\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Pater\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=63.0.3368.71 --initial-client-data=0x27c,0x280,0x284,0x278,0x288,0x6572e498,0x6572e4a8,0x6572e4b4
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=gpu-process --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=5591082206732954946 --mojo-platform-channel-handle=1704 --ignored=" --type=renderer " /prefetch:2
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14255952144807546688 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6454830145278484474 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7220034729389131064 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5486877558344259337 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --extension-process --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3057250141932107222 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7815925173275419157 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17917042645452642696 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
"C:\Program Files (x86)\Opera\63.0.3368.71\opera.exe" --type=renderer --field-trial-handle=1688,1596729012686474006,15054905731365134358,131072 --disable-features=SharedArrayBuffer --lang=cs --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-test:DNA-70598 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16421016129944427148 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
"C:\Users\Pater\Desktop\Rsit\RSITx64.exe"
C:\Windows\system32\wbem\WmiApSrv.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MFNetworkScanUtility"=C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe /MONITOR []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe -update pepperplugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFNetworkScanUtility]
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [2012-09-27 486552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Pater\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Pater\AppData\Roaming\Spotify\SpotifyWebHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spy Protector]
C:\Program Files (x86)\Security Task Manager\SpyProtector.exe [2015-01-20 143696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2016-09-20 2858272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04 597552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
C:\PROGRA~2\D-Link\DWA-171\WIRELE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skype.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pater^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MICROS~1\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2010-11-20 115200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"aux3"=wdmaud.drv
"aux4"=wdmaud.drv
"aux6"=wdmaud.drv
"aux5"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\PROGRA~2\PSPADE~1\PSPad.exe "%1"

======List of files/folders created in the last 1 month======

2019-09-06 06:00:06 ----D---- C:\FRST
2019-09-05 19:19:30 ----A---- C:\Windows\system32\drivers\mbam.sys
2019-09-05 19:19:21 ----A---- C:\Windows\system32\drivers\farflt.sys
2019-09-05 19:19:20 ----A---- C:\Windows\system32\drivers\mwac.sys
2019-09-05 18:30:45 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2019-09-05 18:29:30 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2019-09-05 18:27:38 ----A---- C:\Windows\system32\drivers\mbae64.sys
2019-09-05 16:48:24 ----D---- C:\rsit
2019-09-05 15:51:29 ----D---- C:\ProgramData\Malwarebytes
2019-09-05 15:48:40 ----D---- C:\ProgramData\MB3Install
2019-09-05 07:36:46 ----D---- C:\Program Files\MAXON
2019-09-05 07:33:54 ----D---- C:\Users\Pater\AppData\Roaming\MAXON
2019-08-14 07:59:19 ----D---- C:\Users\Pater\AppData\Roaming\Room Arranger
2019-08-14 07:59:08 ----D---- C:\ProgramData\Room Arranger
2019-08-14 07:59:00 ----D---- C:\Program Files (x86)\Room Arranger

======List of files/folders modified in the last 1 month======

2019-09-09 06:00:10 ----D---- C:\Program Files\trend micro
2019-09-09 05:59:30 ----D---- C:\Windows\temp
2019-09-09 05:56:53 ----D---- C:\Windows\Prefetch
2019-09-09 05:36:18 ----A---- C:\Windows\ntbtlog.txt
2019-09-08 11:05:43 ----D---- C:\Users\Pater\AppData\Roaming\foobar2000
2019-09-08 09:24:26 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2019-09-08 09:24:24 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-08 09:01:18 ----D---- C:\Program Files (x86)\Opera
2019-09-08 09:01:16 ----D---- C:\Windows\system32\Tasks
2019-09-08 08:57:03 ----D---- C:\Windows\system32\drivers
2019-09-08 08:56:27 ----SHD---- C:\Windows\Installer
2019-09-08 08:56:26 ----D---- C:\Config.Msi
2019-09-08 08:56:18 ----SHD---- C:\System Volume Information
2019-09-06 14:04:25 ----D---- C:\Users\Pater\AppData\Roaming\TIDAL
2019-09-05 21:06:58 ----D---- C:\Windows\system32\config
2019-09-05 19:15:44 ----D---- C:\Windows\system32\catroot
2019-09-05 18:29:26 ----D---- C:\ProgramData
2019-09-05 18:27:53 ----AD---- C:\Windows
2019-09-05 18:27:18 ----RD---- C:\Program Files (x86)
2019-09-05 18:27:17 ----D---- C:\Windows\SYSWOW64\drivers
2019-09-05 08:40:40 ----D---- C:\Windows\Tasks
2019-09-05 08:40:36 ----D---- C:\Users\Pater\AppData\Roaming\Samsung
2019-09-05 07:40:12 ----D---- C:\Program Files (x86)\Common Files
2019-09-05 07:39:48 ----AD---- C:\Windows\System32
2019-09-05 07:39:41 ----D---- C:\ProgramData\Package Cache
2019-09-05 07:36:46 ----RD---- C:\Program Files
2019-08-26 12:33:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2019-08-26 12:33:06 ----D---- C:\Windows\inf
2019-08-24 14:13:25 ----D---- C:\Windows\SysWOW64
2019-08-24 03:38:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2019-08-24 03:38:17 ----D---- C:\Windows\system32\Macromed
2019-08-24 03:38:16 ----D---- C:\Windows\SYSWOW64\Macromed
2019-08-19 06:46:59 ----D---- C:\ProgramData\PMS
2019-08-15 05:45:41 ----D---- C:\Program Files (x86)\Ulozto File Manager

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2019-09-05 275232]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 RapportHades64;RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [2016-10-06 235184]
R0 RapportKE64;RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [2016-10-06 489712]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-22 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2019-01-08 153328]
R1 RapportCerberus_1609053;RapportCerberus_1609053; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [2016-10-12 1181672]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2016-10-06 566248]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2016-10-06 547888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2019-09-05 199768]
R3 bbcap;bb_capture_driver; C:\Windows\system32\DRIVERS\bbcap.sys [2011-02-04 4608]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-20 184360]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-20 211496]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-20 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-20 21544]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-10-23 4187664]
R3 MBAMFarflt;MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [2019-09-05 224408]
R3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\DRIVERS\mbam.sys [2019-09-08 73584]
R3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2019-09-05 106344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2016-03-09 21984]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athwx.sys [2014-03-31 2157768]
S3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2012-09-18 3752448]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2012-02-20 615976]
S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-08-25 89640]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz134;cpuz134; \??\C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
S3 cpuz137;cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [2014-02-17 26856]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-09-02 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-09-02 60696]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2010-08-24 41040]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2010-12-13 36720]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver; C:\Windows\system32\DRIVERS\PcaSp60.sys [2010-05-19 38912]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2016-12-21 40240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2012-03-02 244224]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-11-13 34032]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tmbulk;Thrustmaster Series Bulk Driver (tmbulk); C:\Windows\System32\Drivers\tmbulk.sys [2014-06-20 129264]
S3 tmhidusb;Thrustmaster HID USB Driver; C:\Windows\system32\DRIVERS\tmhidusb.sys [2018-12-18 340480]
S3 tmwbulk;Thrustmaster Series Bulk Driver (tmwbulk); C:\Windows\System32\Drivers\tmwbulk.sys [2018-12-18 290816]
S3 trufos;trufos; C:\Windows\system32\drivers\trufos.sys [2017-09-06 485512]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-07-24 88136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2019-06-26 6744288]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2010-12-13 194416]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2016-10-06 2387952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-01-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-10-16 72704]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2019-08-24 335416]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-02-19 945440]
S4 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2009-07-14 19456]
S4 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\elevation_service.exe [2019-02-06 1271280]
S4 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2011-04-25 69632]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2019-09-08 176160]
S4 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NPEService;NPEService; D:\Download\NPE.exe /service []
S4 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
S4 PCLEPCI;PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [2005-02-09 14165]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PS3 Media Server;PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2012-11-27 384280]
S4 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S4 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
S4 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-24 235984]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-09-20 1466144]
S4 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [2016-03-09 118424]
S4 tmInstall;Thrustmaster® Device Driver Installer; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [2018-12-18 130048]
S4 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [2016-03-09 416408]

-----------------EOF-----------------

[Diallix]

Treba ho ulozit tam, kde mate FRST, nie RSIT :]]. Skuste to v klude este raz.

[ketez67]

Dobrý den
tak se povedlo a zde je log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by Pater (09-09-2019 21:05:47) Run:1
Running from C:\Users\Pater\Desktop\byt\Koty spotrebicu
Loaded Profiles: Pater (Available Profiles: Pater)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Windows\system32\GWX\GWXUXWorker.exe
VirusTotal: C:\Windows\ehome\ehrec.exe
VirusTotal: C:\Windows\System32\DRIVERS\yk62x64.sys

Task: {27A4B80C-3D8D-4865-99AD-101534954926} - System32\Tasks\{0407E803-76F7-4B6B-B1F7-A065DCF84669} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {2DFF33BC-D5D2-4345-86F8-33E23C2D8249} - System32\Tasks\{04AEA7DD-F340-4453-B73D-FF5875A57665} => C:\Windows\system32\pcalua.exe -a D:\Download\ASIO4ALL_2_14_English.exe -d C:\Windows\system32
Task: {36A3DED6-3980-41EA-A5A3-EFB2EFBE6C2F} - System32\Tasks\{63201410-00D8-4996-8B4E-677263081932} => C:\Windows\system32\pcalua.exe -a
Task: {460806BD-0EAF-43AF-8385-463DD80D1A18} - System32\Tasks\{E86346F3-69BD-410A-B020-51DCABB6A1FF} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\flash player\Flash_Player_ Pro_ 3.3_cz.exe" -d "C:\Users\Pater\Downloads\flash player"
Task: {4B670703-9E86-47A0-8D79-31097B88615D} - System32\Tasks\{D6F31515-FFFD-4240-A391-13258B8DEB92} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+čeština\Teleport Pro 1.61\Teleport Pro 1.61 �e�tina.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+čeština\Teleport Pro 1.61"
ask: {56B088B6-7E58-4592-8022-2C5B502A3935} - System32\Tasks\{CA2C8FC7-3F70-4BEE-AD99-B16CAC8D131B} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\SETUP.EXE -d C:\Windows\system32
Task: {6C4A1CCE-E56D-4180-9D89-2ABDF7456A28} - System32\Tasks\{CE71F676-6F2F-4677-BCD7-3CC0DBCB4CC2} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VobSub_2.23.exe -d C:\Windows\system32
Task: {6EDBD970-76A6-4B6B-AAC1-DF7F35C08D4A} - System32\Tasks\{5A8D31DF-27C6-4EF2-9A0E-4DA73CF3F873} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\VirtualDub-1.9.11\auxsetup.exe -d C:\Windows\system32
Task: {7D5653F6-64FD-4994-B3D5-3FFACD8AA34B} - System32\Tasks\{0293E401-1ED0-4132-B5EB-89555CEBA68C} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\ASAPI.exe -d C:\Windows\system32
Task: {80F2BDC5-BEC5-4C39-BF28-B1D3F4EE6095} - System32\Tasks\{5B09F6AC-6097-4DC5-ACAE-50B20D6E3044} => C:\Windows\system32\pcalua.exe -a "D:\Download\4_SK_CadDecor-2.1_slovensk�-instalace\4_SK_CadDecor 2.1_slovensk� instalace\InstallMain.exe" -d C:\Windows\system32
Task: {885BFF30-F079-49E1-9307-71C4DFF29E96} - System32\Tasks\{92C29358-9281-4715-8A45-EDF885602A30} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\PCWizard.cpl -c PC Wizard System Analyzer
Task: {A82F29FA-7537-452F-95EE-163DF0469823} - System32\Tasks\{70FAF583-C36B-4B8B-AB67-6E4E2B340CEA} => C:\Windows\system32\pcalua.exe -a D:\Prace\Programy\flashmx2004-en\cestina\sqpFlashMX2004v72cz.exe -d D:\Prace\Programy\flashmx2004-en\cestina
Task: {BDD2FD8F-9DE5-4AB7-9B53-EAF54BE261BF} - System32\Tasks\{57A60DD5-B19C-4C72-8435-0428E8597E17} => C:\Windows\system32\pcalua.exe -a E:\start.exe -d E:\
Task: {BE66A561-A1A3-40B1-9853-7206D29FD822} - System32\Tasks\{3FA0D145-3B67-41E4-949B-C89D13999371} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d C:\Windows\system32 -c /SetAsDefaultAppUser Mail
Task: {C4A3248A-0EE5-424B-A016-8CF63B23765A} - System32\Tasks\{F07DCF49-D024-43FE-A75D-F8CC10F40C5F} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\wmp11-windowsxp-x86-CS-CZ.exe -d C:\Users\Pater\Downloads
Task: {C548D138-F67B-4822-95B4-D9C02C0B7E10} - System32\Tasks\{AD33B034-7975-4FD5-AEE8-1BF8BB348839} => C:\Windows\system32\pcalua.exe -a D:\Download\SecurityTaskManager_Setup.exe -d D:\Download
Task: {C581EA69-A742-4225-B969-95AEB67BA727} - System32\Tasks\{7F69C643-9C9C-4E5E-AA07-D8792C10A08A} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\winsdk_web.exe -d C:\Users\Pater\Desktop
Task: {CC6C36A9-7215-42E3-9F10-7064FFCA1AD6} - System32\Tasks\{4BCFA9AC-0A69-4D52-A829-A51287636213} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\VisualSniffer20\VisualSniffer20\SETUP.EXE -d C:\Windows\system32
Task: {F4145A1B-6D5A-4C21-B48C-9E71F0EDDD73} - System32\Tasks\{C59B1CC6-F566-4093-AA64-69A86DA22884} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Downloads\burrrn_package.exe -d C:\Windows\system32
Task: {FB1BBD44-0B07-4FD2-A442-07903C2CF0B2} - System32\Tasks\{7713AD1D-AB1C-44B4-BA53-481CB6A17EF2} => C:\Windows\system32\pcalua.exe -a "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+čeština\Teleport Pro 1.61\Teleport Pro 1.61 �e�tina.exe" -d "C:\Users\Pater\Downloads\Teleport-Pro-1.61-serial+čeština\Teleport Pro 1.61"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 NPEService; "D:\Download\NPE.exe" /service [X]
U3 afr1xu8h; no ImagePath
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{14074E0B-7216-4862-96E6-53CADA442A56}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1A8766A0-62CE-11CF-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{3D154A2D-D911-437E-A30C-5F56A9B7081D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} -> [] => 0
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{48C6BE7C-3871-43CC-B46F-1449A1BB2FF3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9DBD2C50-62AD-11D0-B806-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EFB23A09-A867-4BE8-83A6-86969A7D0856}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44 [133]
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5 [126]
AlternateDataStreams: C:\ProgramData\TEMP:A4F602C6 [148]
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\exefile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.cmd: cmdfile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\comfile: <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.com: ComFile => <==== ATTENTION
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.scr: => <==== ATTENTION
Task: {66667948-F5C1-4198-8432-73937FD08307} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2045832 2019-08-20] (AVAST Software s.r.o. -> AVAST Software)

EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"VirusTotal: C:\Windows\system32\GWX\GWXUXWorker.exe" => not found
"VirusTotal: C:\Windows\ehome\ehrec.exe" => not found
VirusTotal: C:\Windows\System32\DRIVERS\yk62x64.sys => https://www.virustotal.com/file/ff33b51 ... 519746983/
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27A4B80C-3D8D-4865-99AD-101534954926}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27A4B80C-3D8D-4865-99AD-101534954926}" => removed successfully
C:\Windows\System32\Tasks\{0407E803-76F7-4B6B-B1F7-A065DCF84669} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0407E803-76F7-4B6B-B1F7-A065DCF84669}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DFF33BC-D5D2-4345-86F8-33E23C2D8249}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DFF33BC-D5D2-4345-86F8-33E23C2D8249}" => removed successfully
C:\Windows\System32\Tasks\{04AEA7DD-F340-4453-B73D-FF5875A57665} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04AEA7DD-F340-4453-B73D-FF5875A57665}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36A3DED6-3980-41EA-A5A3-EFB2EFBE6C2F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A3DED6-3980-41EA-A5A3-EFB2EFBE6C2F}" => removed successfully
C:\Windows\System32\Tasks\{63201410-00D8-4996-8B4E-677263081932} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63201410-00D8-4996-8B4E-677263081932}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460806BD-0EAF-43AF-8385-463DD80D1A18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460806BD-0EAF-43AF-8385-463DD80D1A18}" => removed successfully
C:\Windows\System32\Tasks\{E86346F3-69BD-410A-B020-51DCABB6A1FF} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E86346F3-69BD-410A-B020-51DCABB6A1FF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B670703-9E86-47A0-8D79-31097B88615D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B670703-9E86-47A0-8D79-31097B88615D}" => removed successfully
C:\Windows\System32\Tasks\{D6F31515-FFFD-4240-A391-13258B8DEB92} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6F31515-FFFD-4240-A391-13258B8DEB92}" => removed successfully
ask: {56B088B6-7E58-4592-8022-2C5B502A3935} - System32\Tasks\{CA2C8FC7-3F70-4BEE-AD99-B16CAC8D131B} => C:\Windows\system32\pcalua.exe -a C:\Users\Pater\Desktop\wireles\SETUP.EXE -d C:\Windows\system32 => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C4A1CCE-E56D-4180-9D89-2ABDF7456A28}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C4A1CCE-E56D-4180-9D89-2ABDF7456A28}" => removed successfully
C:\Windows\System32\Tasks\{CE71F676-6F2F-4677-BCD7-3CC0DBCB4CC2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE71F676-6F2F-4677-BCD7-3CC0DBCB4CC2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EDBD970-76A6-4B6B-AAC1-DF7F35C08D4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EDBD970-76A6-4B6B-AAC1-DF7F35C08D4A}" => removed successfully
C:\Windows\System32\Tasks\{5A8D31DF-27C6-4EF2-9A0E-4DA73CF3F873} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A8D31DF-27C6-4EF2-9A0E-4DA73CF3F873}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D5653F6-64FD-4994-B3D5-3FFACD8AA34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D5653F6-64FD-4994-B3D5-3FFACD8AA34B}" => removed successfully
C:\Windows\System32\Tasks\{0293E401-1ED0-4132-B5EB-89555CEBA68C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0293E401-1ED0-4132-B5EB-89555CEBA68C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80F2BDC5-BEC5-4C39-BF28-B1D3F4EE6095}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F2BDC5-BEC5-4C39-BF28-B1D3F4EE6095}" => removed successfully
C:\Windows\System32\Tasks\{5B09F6AC-6097-4DC5-ACAE-50B20D6E3044} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B09F6AC-6097-4DC5-ACAE-50B20D6E3044}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{885BFF30-F079-49E1-9307-71C4DFF29E96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{885BFF30-F079-49E1-9307-71C4DFF29E96}" => removed successfully
C:\Windows\System32\Tasks\{92C29358-9281-4715-8A45-EDF885602A30} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{92C29358-9281-4715-8A45-EDF885602A30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A82F29FA-7537-452F-95EE-163DF0469823}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A82F29FA-7537-452F-95EE-163DF0469823}" => removed successfully
C:\Windows\System32\Tasks\{70FAF583-C36B-4B8B-AB67-6E4E2B340CEA} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{70FAF583-C36B-4B8B-AB67-6E4E2B340CEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDD2FD8F-9DE5-4AB7-9B53-EAF54BE261BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDD2FD8F-9DE5-4AB7-9B53-EAF54BE261BF}" => removed successfully
C:\Windows\System32\Tasks\{57A60DD5-B19C-4C72-8435-0428E8597E17} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57A60DD5-B19C-4C72-8435-0428E8597E17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE66A561-A1A3-40B1-9853-7206D29FD822}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE66A561-A1A3-40B1-9853-7206D29FD822}" => removed successfully
C:\Windows\System32\Tasks\{3FA0D145-3B67-41E4-949B-C89D13999371} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3FA0D145-3B67-41E4-949B-C89D13999371}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4A3248A-0EE5-424B-A016-8CF63B23765A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4A3248A-0EE5-424B-A016-8CF63B23765A}" => removed successfully
C:\Windows\System32\Tasks\{F07DCF49-D024-43FE-A75D-F8CC10F40C5F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F07DCF49-D024-43FE-A75D-F8CC10F40C5F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C548D138-F67B-4822-95B4-D9C02C0B7E10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C548D138-F67B-4822-95B4-D9C02C0B7E10}" => removed successfully
C:\Windows\System32\Tasks\{AD33B034-7975-4FD5-AEE8-1BF8BB348839} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD33B034-7975-4FD5-AEE8-1BF8BB348839}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C581EA69-A742-4225-B969-95AEB67BA727}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C581EA69-A742-4225-B969-95AEB67BA727}" => removed successfully
C:\Windows\System32\Tasks\{7F69C643-9C9C-4E5E-AA07-D8792C10A08A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F69C643-9C9C-4E5E-AA07-D8792C10A08A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC6C36A9-7215-42E3-9F10-7064FFCA1AD6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6C36A9-7215-42E3-9F10-7064FFCA1AD6}" => removed successfully
C:\Windows\System32\Tasks\{4BCFA9AC-0A69-4D52-A829-A51287636213} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BCFA9AC-0A69-4D52-A829-A51287636213}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4145A1B-6D5A-4C21-B48C-9E71F0EDDD73}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4145A1B-6D5A-4C21-B48C-9E71F0EDDD73}" => removed successfully
C:\Windows\System32\Tasks\{C59B1CC6-F566-4093-AA64-69A86DA22884} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C59B1CC6-F566-4093-AA64-69A86DA22884}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB1BBD44-0B07-4FD2-A442-07903C2CF0B2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1BBD44-0B07-4FD2-A442-07903C2CF0B2}" => removed successfully
C:\Windows\System32\Tasks\{7713AD1D-AB1C-44B4-BA53-481CB6A17EF2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7713AD1D-AB1C-44B4-BA53-481CB6A17EF2}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => removed successfully
gupdatem => service removed successfully
HKLM\System\CurrentControlSet\Services\NPEService => removed successfully
NPEService => service removed successfully
afr1xu8h => service not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully
catchme => service removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{14074E0B-7216-4862-96E6-53CADA442A56} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1A8766A0-62CE-11CF-A5D6-28DB04C10000} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{3D154A2D-D911-437E-A30C-5F56A9B7081D} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{48C6BE7C-3871-43CC-B46F-1449A1BB2FF3} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{9DBD2C50-62AD-11D0-B806-00C04FD706EC} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{EFB23A09-A867-4BE8-83A6-86969A7D0856} => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Windows\System32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully
C:\ProgramData\TEMP => ":15B79D44" ADS removed successfully
C:\ProgramData\TEMP => ":408F95E5" ADS removed successfully
C:\ProgramData\TEMP => ":A4F602C6" ADS removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\exefile => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.exe => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.cmd => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\comfile => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.com => removed successfully
HKU\S-1-5-21-4213455190-1121324071-2762663974-1000\Software\Classes\.scr => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{66667948-F5C1-4198-8432-73937FD08307}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66667948-F5C1-4198-8432-73937FD08307}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49515222 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 4432179 B
Edge => 0 B
Chrome => 93085576 B
Firefox => 0 B
Opera => 174549138 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 269887 B
LocalService => 33125 B
NetworkService => 33125 B
Pater => 96446110 B

RecycleBin => 146628017 B
EmptyTemp: => 546.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:06:32 ====